diff --git a/2001/1xxx/CVE-2001-1127.json b/2001/1xxx/CVE-2001-1127.json index 9bcccd97d71..e27c2a13426 100644 --- a/2001/1xxx/CVE-2001-1127.json +++ b/2001/1xxx/CVE-2001-1127.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1127", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Progress database 8.3D and 9.1C could allow a local user to execute arbitrary code via (1) _proapsv, (2) _mprosrv, (3) _mprshut, (4) orarx, (5) sqlcpp, (6) _probrkr, (7) _sqlschema and (8) _sqldump." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1127", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20011005 Progress Database vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/218833" - }, - { - "name" : "3404", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3404" - }, - { - "name" : "progress-strcpy-bo(7236)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7236" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Progress database 8.3D and 9.1C could allow a local user to execute arbitrary code via (1) _proapsv, (2) _mprosrv, (3) _mprshut, (4) orarx, (5) sqlcpp, (6) _probrkr, (7) _sqlschema and (8) _sqldump." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20011005 Progress Database vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/218833" + }, + { + "name": "3404", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3404" + }, + { + "name": "progress-strcpy-bo(7236)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7236" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1158.json b/2001/1xxx/CVE-2001-1158.json index fe6aef85c86..8959cf277a2 100644 --- a/2001/1xxx/CVE-2001-1158.json +++ b/2001/1xxx/CVE-2001-1158.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1158", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Check Point VPN-1/FireWall-1 4.1 base.def contains a default macro, accept_fw1_rdp, which can allow remote attackers to bypass intended restrictions with forged RDP (internal protocol) headers to UDP port 259 of arbitrary hosts." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1158", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010709 Check Point FireWall-1 RDP Bypass Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-07/0128.html" - }, - { - "name" : "20010709 Check Point response to RDP Bypass", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/cgi-bin/archive.pl?id=1&start=2002-03-11&end=2002-03-17&mid=195647&threads=1" - }, - { - "name" : "20010712 RDP Bypass workaround for VPN-1/FireWall 4.1 SPx", - "refsource" : "CHECKPOINT", - "url" : "http://www.checkpoint.com/techsupport/alerts/rdp.html" - }, - { - "name" : "CA-2001-17", - "refsource" : "CERT", - "url" : "http://www.cert.org/advisories/CA-2001-17.html" - }, - { - "name" : "VU#310295", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/310295" - }, - { - "name" : "L-109", - "refsource" : "CIAC", - "url" : "http://ciac.llnl.gov/ciac/bulletins/l-109.shtml" - }, - { - "name" : "fw1-rdp-bypass(6815)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6815" - }, - { - "name" : "2952", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2952" - }, - { - "name" : "1884", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/1884" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Check Point VPN-1/FireWall-1 4.1 base.def contains a default macro, accept_fw1_rdp, which can allow remote attackers to bypass intended restrictions with forged RDP (internal protocol) headers to UDP port 259 of arbitrary hosts." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2952", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2952" + }, + { + "name": "20010709 Check Point FireWall-1 RDP Bypass Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-07/0128.html" + }, + { + "name": "20010712 RDP Bypass workaround for VPN-1/FireWall 4.1 SPx", + "refsource": "CHECKPOINT", + "url": "http://www.checkpoint.com/techsupport/alerts/rdp.html" + }, + { + "name": "VU#310295", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/310295" + }, + { + "name": "CA-2001-17", + "refsource": "CERT", + "url": "http://www.cert.org/advisories/CA-2001-17.html" + }, + { + "name": "L-109", + "refsource": "CIAC", + "url": "http://ciac.llnl.gov/ciac/bulletins/l-109.shtml" + }, + { + "name": "20010709 Check Point response to RDP Bypass", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/cgi-bin/archive.pl?id=1&start=2002-03-11&end=2002-03-17&mid=195647&threads=1" + }, + { + "name": "1884", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/1884" + }, + { + "name": "fw1-rdp-bypass(6815)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6815" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1219.json b/2001/1xxx/CVE-2001-1219.json index ca9bdd50d99..64d5b47fee6 100644 --- a/2001/1xxx/CVE-2001-1219.json +++ b/2001/1xxx/CVE-2001-1219.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1219", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 6.0 and earlier allows malicious website operators to cause a denial of service (client crash) via JavaScript that continually refreshes the window via self.location." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1219", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20011220 MSIE DoS Using javascript", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/246649" - }, - { - "name" : "3730", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3730" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 6.0 and earlier allows malicious website operators to cause a denial of service (client crash) via JavaScript that continually refreshes the window via self.location." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3730", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3730" + }, + { + "name": "20011220 MSIE DoS Using javascript", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/246649" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1229.json b/2001/1xxx/CVE-2001-1229.json index 2f53d8f8ce4..84d08d25fbc 100644 --- a/2001/1xxx/CVE-2001-1229.json +++ b/2001/1xxx/CVE-2001-1229.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1229", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflows in (1) Icecast before 1.3.9 and (2) libshout before 1.0.4 allow remote attackers to cause a denial of service (crash) and execute arbitrary code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1229", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010312 Icecast / Libshout remote vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=98438880622976&w=2" - }, - { - "name" : "http://www.xiph.org/archives/icecast/0074.html", - "refsource" : "CONFIRM", - "url" : "http://www.xiph.org/archives/icecast/0074.html" - }, - { - "name" : "CLA-2001:387", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000387" - }, - { - "name" : "RHSA-2002:063", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2002-063.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflows in (1) Icecast before 1.3.9 and (2) libshout before 1.0.4 allow remote attackers to cause a denial of service (crash) and execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2002:063", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2002-063.html" + }, + { + "name": "CLA-2001:387", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000387" + }, + { + "name": "http://www.xiph.org/archives/icecast/0074.html", + "refsource": "CONFIRM", + "url": "http://www.xiph.org/archives/icecast/0074.html" + }, + { + "name": "20010312 Icecast / Libshout remote vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=98438880622976&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2353.json b/2006/2xxx/CVE-2006-2353.json index f572c0b0ef3..4aae94487f9 100644 --- a/2006/2xxx/CVE-2006-2353.json +++ b/2006/2xxx/CVE-2006-2353.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2353", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NmConsole/DeviceSelection.asp in Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to redirect users to other websites via the (1) sCancelURL and possibly (2) sRedirectUrl parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2353", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060511 Ipswitch WhatsUp Professional multiple flaws", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/433808" - }, - { - "name" : "ADV-2006-1787", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1787" - }, - { - "name" : "25473", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25473" - }, - { - "name" : "20075", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20075" - }, - { - "name" : "897", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/897" - }, - { - "name" : "whatsup-deviceselection-user-redirect(26502)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26502" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NmConsole/DeviceSelection.asp in Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to redirect users to other websites via the (1) sCancelURL and possibly (2) sRedirectUrl parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "whatsup-deviceselection-user-redirect(26502)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26502" + }, + { + "name": "20060511 Ipswitch WhatsUp Professional multiple flaws", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/433808" + }, + { + "name": "20075", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20075" + }, + { + "name": "ADV-2006-1787", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1787" + }, + { + "name": "897", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/897" + }, + { + "name": "25473", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25473" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2801.json b/2006/2xxx/CVE-2006-2801.json index 2deb1b3861b..b8e3a8a0fb1 100644 --- a/2006/2xxx/CVE-2006-2801.json +++ b/2006/2xxx/CVE-2006-2801.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2801", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Unak CMS 1.5 RC2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) u_a or (2) u_s parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2801", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2006/06/unak-cms-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2006/06/unak-cms-vuln.html" - }, - { - "name" : "18253", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18253" - }, - { - "name" : "ADV-2006-2116", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2116" - }, - { - "name" : "20410", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20410" - }, - { - "name" : "unakcms-ua-us-sql-injection(26895)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26895" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Unak CMS 1.5 RC2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) u_a or (2) u_s parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20410", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20410" + }, + { + "name": "ADV-2006-2116", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2116" + }, + { + "name": "18253", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18253" + }, + { + "name": "unakcms-ua-us-sql-injection(26895)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26895" + }, + { + "name": "http://pridels0.blogspot.com/2006/06/unak-cms-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2006/06/unak-cms-vuln.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2957.json b/2006/2xxx/CVE-2006-2957.json index 76c866aa21d..5da241c40aa 100644 --- a/2006/2xxx/CVE-2006-2957.json +++ b/2006/2xxx/CVE-2006-2957.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2957", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in i.List 1.5 beta and earlier allows remote attackers to inject arbitrary web script or HTML via the banurl parameter to add.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2957", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20547", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20547" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in i.List 1.5 beta and earlier allows remote attackers to inject arbitrary web script or HTML via the banurl parameter to add.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20547", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20547" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6388.json b/2006/6xxx/CVE-2006-6388.json index dd59ab2114f..0570a3e5c08 100644 --- a/2006/6xxx/CVE-2006-6388.json +++ b/2006/6xxx/CVE-2006-6388.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6388", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in naprednaPretraga.php in LINK Content Management Server (CMS) allows remote attackers to inject arbitrary web script or HTML via the txtPretraga parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6388", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "21464", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21464" - }, - { - "name" : "23107", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23107" - }, - { - "name" : "linkcms-naprednapretraga-xss(30745)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30745" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in naprednaPretraga.php in LINK Content Management Server (CMS) allows remote attackers to inject arbitrary web script or HTML via the txtPretraga parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21464", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21464" + }, + { + "name": "23107", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23107" + }, + { + "name": "linkcms-naprednapretraga-xss(30745)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30745" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6426.json b/2006/6xxx/CVE-2006-6426.json index a1c37b5efde..c38a897e373 100644 --- a/2006/6xxx/CVE-2006-6426.json +++ b/2006/6xxx/CVE-2006-6426.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6426", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in design/thinkedit/render.php in ThinkEdit 1.9.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the template_file parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6426", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2898", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2898" - }, - { - "name" : "http://svn.berlios.de/viewcvs/thinkedit/trunk/design/thinkedit/render.php?rev=321&r1=230&r2=321", - "refsource" : "CONFIRM", - "url" : "http://svn.berlios.de/viewcvs/thinkedit/trunk/design/thinkedit/render.php?rev=321&r1=230&r2=321" - }, - { - "name" : "ADV-2006-4906", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4906" - }, - { - "name" : "1017359", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017359" - }, - { - "name" : "23279", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23279" - }, - { - "name" : "thinkedit-render-file-include(30772)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30772" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in design/thinkedit/render.php in ThinkEdit 1.9.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the template_file parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://svn.berlios.de/viewcvs/thinkedit/trunk/design/thinkedit/render.php?rev=321&r1=230&r2=321", + "refsource": "CONFIRM", + "url": "http://svn.berlios.de/viewcvs/thinkedit/trunk/design/thinkedit/render.php?rev=321&r1=230&r2=321" + }, + { + "name": "ADV-2006-4906", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4906" + }, + { + "name": "23279", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23279" + }, + { + "name": "1017359", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017359" + }, + { + "name": "thinkedit-render-file-include(30772)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30772" + }, + { + "name": "2898", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2898" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6570.json b/2006/6xxx/CVE-2006-6570.json index caf840ac8f4..8063519bc84 100644 --- a/2006/6xxx/CVE-2006-6570.json +++ b/2006/6xxx/CVE-2006-6570.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6570", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unrestricted file upload vulnerability in upload.php in GenesisTrader 1.0 allows remote authenticated users to upload arbitrary files via unspecified vectors, possibly involving form.php and the ajoutfich \"foap\" action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6570", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061214 GenesisTrader v1.0 - Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/454385/100/0/threaded" - }, - { - "name" : "21595", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21595" - }, - { - "name" : "2035", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2035" - }, - { - "name" : "genesis-form-file-upload(30889)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30889" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unrestricted file upload vulnerability in upload.php in GenesisTrader 1.0 allows remote authenticated users to upload arbitrary files via unspecified vectors, possibly involving form.php and the ajoutfich \"foap\" action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21595", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21595" + }, + { + "name": "20061214 GenesisTrader v1.0 - Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/454385/100/0/threaded" + }, + { + "name": "genesis-form-file-upload(30889)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30889" + }, + { + "name": "2035", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2035" + } + ] + } +} \ No newline at end of file diff --git a/2006/7xxx/CVE-2006-7089.json b/2006/7xxx/CVE-2006-7089.json index f973a767a80..8d7320d6c76 100644 --- a/2006/7xxx/CVE-2006-7089.json +++ b/2006/7xxx/CVE-2006-7089.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-7089", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in connexion.php in Ban 0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-7089", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061028 Re: Ban v0.1 (bannieres.php) File Include", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=116205673106780&w=2" - }, - { - "name" : "ban-connexion-sql-injection(29863)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29863" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in connexion.php in Ban 0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ban-connexion-sql-injection(29863)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29863" + }, + { + "name": "20061028 Re: Ban v0.1 (bannieres.php) File Include", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=116205673106780&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0261.json b/2011/0xxx/CVE-2011-0261.json index 7db0050538d..8d9ddeb507e 100644 --- a/2011/0xxx/CVE-2011-0261.json +++ b/2011/0xxx/CVE-2011-0261.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0261", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in jovgraph.exe in jovgraph in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a malformed displayWidth option in the arg parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2011-0261", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-11-003/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-11-003/" - }, - { - "name" : "HPSBMA02621", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/515628" - }, - { - "name" : "SSRT100352", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/515628" - }, - { - "name" : "45762", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45762" - }, - { - "name" : "1024951", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024951" - }, - { - "name" : "ADV-2011-0085", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0085" - }, - { - "name" : "hp-opennnm-jovgraph-bo(64655)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64655" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in jovgraph.exe in jovgraph in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a malformed displayWidth option in the arg parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBMA02621", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/515628" + }, + { + "name": "ADV-2011-0085", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0085" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-11-003/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-003/" + }, + { + "name": "SSRT100352", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/515628" + }, + { + "name": "45762", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45762" + }, + { + "name": "1024951", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024951" + }, + { + "name": "hp-opennnm-jovgraph-bo(64655)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64655" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2148.json b/2011/2xxx/CVE-2011-2148.json index 8fc8c45b8c3..c53327d13c7 100644 --- a/2011/2xxx/CVE-2011-2148.json +++ b/2011/2xxx/CVE-2011-2148.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2148", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Admin/frmSite.aspx in the SmarterTools SmarterStats 6.0 web server allows remote attackers to execute arbitrary commands via vectors involving a leading and trailing & (ampersand) character, and (1) an STTTState cookie, (2) the ctl00%24MPH%24txtAdminNewPassword_SettingText parameter, (3) the ctl00%24MPH%24txtSmarterLogDirectory parameter, (4) the ctl00%24MPH%24ucSiteSeoSearchEngineSettings%24chklistEngines_SettingCheckBox%2414 parameter, (5) the ctl00%24MPH%24ucSiteSeoSettings%24txtSeoMaxKeywords_SettingText parameter, or (6) the ctl00_MPH_grdLogLocations_HiddenLSR parameter, related to an \"OS command injection\" issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2148", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.kb.cert.org/vuls/id/MORO-8GYQR4", - "refsource" : "MISC", - "url" : "http://www.kb.cert.org/vuls/id/MORO-8GYQR4" - }, - { - "name" : "http://xss.cx/examples/smarterstats-60-oscommandinjection-directorytraversal-xml-sqlinjection.html.html", - "refsource" : "MISC", - "url" : "http://xss.cx/examples/smarterstats-60-oscommandinjection-directorytraversal-xml-sqlinjection.html.html" - }, - { - "name" : "VU#240150", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/240150" - }, - { - "name" : "smarterstats-frmsite-command-exec(67834)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67834" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Admin/frmSite.aspx in the SmarterTools SmarterStats 6.0 web server allows remote attackers to execute arbitrary commands via vectors involving a leading and trailing & (ampersand) character, and (1) an STTTState cookie, (2) the ctl00%24MPH%24txtAdminNewPassword_SettingText parameter, (3) the ctl00%24MPH%24txtSmarterLogDirectory parameter, (4) the ctl00%24MPH%24ucSiteSeoSearchEngineSettings%24chklistEngines_SettingCheckBox%2414 parameter, (5) the ctl00%24MPH%24ucSiteSeoSettings%24txtSeoMaxKeywords_SettingText parameter, or (6) the ctl00_MPH_grdLogLocations_HiddenLSR parameter, related to an \"OS command injection\" issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "smarterstats-frmsite-command-exec(67834)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67834" + }, + { + "name": "http://xss.cx/examples/smarterstats-60-oscommandinjection-directorytraversal-xml-sqlinjection.html.html", + "refsource": "MISC", + "url": "http://xss.cx/examples/smarterstats-60-oscommandinjection-directorytraversal-xml-sqlinjection.html.html" + }, + { + "name": "http://www.kb.cert.org/vuls/id/MORO-8GYQR4", + "refsource": "MISC", + "url": "http://www.kb.cert.org/vuls/id/MORO-8GYQR4" + }, + { + "name": "VU#240150", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/240150" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2581.json b/2011/2xxx/CVE-2011-2581.json index 91e39baec06..b2ecad1b231 100644 --- a/2011/2xxx/CVE-2011-2581.json +++ b/2011/2xxx/CVE-2011-2581.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2581", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ACL implementation in Cisco NX-OS 5.0(2) and 5.0(3) before 5.0(3)N2(1) on Nexus 5000 series switches, and NX-OS before 5.0(3)U1(2a) on Nexus 3000 series switches, does not properly handle comments in conjunction with deny statements, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by sending packets, aka Bug IDs CSCto09813 and CSCtr61490." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2011-2581", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110907 Cisco Nexus 5000 and 3000 Series Switches Access Control List Bypass Vulnerability", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b9250c.shtml" - }, - { - "name" : "1026019", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026019" - }, - { - "name" : "45883", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45883" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ACL implementation in Cisco NX-OS 5.0(2) and 5.0(3) before 5.0(3)N2(1) on Nexus 5000 series switches, and NX-OS before 5.0(3)U1(2a) on Nexus 3000 series switches, does not properly handle comments in conjunction with deny statements, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by sending packets, aka Bug IDs CSCto09813 and CSCtr61490." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1026019", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026019" + }, + { + "name": "20110907 Cisco Nexus 5000 and 3000 Series Switches Access Control List Bypass Vulnerability", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b9250c.shtml" + }, + { + "name": "45883", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45883" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2608.json b/2011/2xxx/CVE-2011-2608.json index c1064fcefd8..2995f42ecab 100644 --- a/2011/2xxx/CVE-2011-2608.json +++ b/2011/2xxx/CVE-2011-2608.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2608", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ovbbccb.exe 6.20.50.0 and other versions in HP OpenView Performance Agent 4.70 and 5.0; and Operations Agent 11.0, 8.60.005, 8.60.006, 8.60.007, 8.60.008, 8.60.501, and 8.53; allows remote attackers to delete arbitrary files via a full pathname in the File field in a Register command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2608", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://aluigi.altervista.org/adv/ovbbccb_1-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/ovbbccb_1-adv.txt" - }, - { - "name" : "HPSBMU02691", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=131188898632504&w=2" - }, - { - "name" : "SSRT100483", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=131188898632504&w=2" - }, - { - "name" : "48481", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/48481" - }, - { - "name" : "1025715", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1025715" - }, - { - "name" : "45079", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45079" - }, - { - "name" : "hp-operations-ovbbccb-file-deletion(68269)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/68269" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ovbbccb.exe 6.20.50.0 and other versions in HP OpenView Performance Agent 4.70 and 5.0; and Operations Agent 11.0, 8.60.005, 8.60.006, 8.60.007, 8.60.008, 8.60.501, and 8.53; allows remote attackers to delete arbitrary files via a full pathname in the File field in a Register command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1025715", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1025715" + }, + { + "name": "hp-operations-ovbbccb-file-deletion(68269)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68269" + }, + { + "name": "HPSBMU02691", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=131188898632504&w=2" + }, + { + "name": "SSRT100483", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=131188898632504&w=2" + }, + { + "name": "http://aluigi.altervista.org/adv/ovbbccb_1-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/ovbbccb_1-adv.txt" + }, + { + "name": "48481", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/48481" + }, + { + "name": "45079", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45079" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2691.json b/2011/2xxx/CVE-2011-2691.json index 71f085b85f7..99ea8eaae76 100644 --- a/2011/2xxx/CVE-2011-2691.json +++ b/2011/2xxx/CVE-2011-2691.json @@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2691", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The png_err function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 makes a function call using a NULL pointer argument instead of an empty-string argument, which allows remote attackers to cause a denial of service (application crash) via a crafted PNG image." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-2691", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110713 Security issues fixed in libpng 1.5.4", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/07/13/2" - }, - { - "name" : "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commit;h=9dad5e37aef295b4ef8dea39392b652deebc9261", - "refsource" : "CONFIRM", - "url" : "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commit;h=9dad5e37aef295b4ef8dea39392b652deebc9261" - }, - { - "name" : "http://www.libpng.org/pub/png/libpng.html", - "refsource" : "CONFIRM", - "url" : "http://www.libpng.org/pub/png/libpng.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=720608", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=720608" - }, - { - "name" : "http://support.apple.com/kb/HT5002", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5002" - }, - { - "name" : "APPLE-SA-2011-10-12-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html" - }, - { - "name" : "DSA-2287", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2287" - }, - { - "name" : "FEDORA-2011-9336", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063118.html" - }, - { - "name" : "GLSA-201206-15", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201206-15.xml" - }, - { - "name" : "HPSBMU02776", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=133951357207000&w=2" - }, - { - "name" : "SSRT100852", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=133951357207000&w=2" - }, - { - "name" : "MDVSA-2011:151", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:151" - }, - { - "name" : "48660", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/48660" - }, - { - "name" : "45046", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45046" - }, - { - "name" : "45405", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45405" - }, - { - "name" : "45492", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45492" - }, - { - "name" : "49660", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49660" - }, - { - "name" : "libpng-pngdefaulterror-dos(68537)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/68537" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The png_err function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 makes a function call using a NULL pointer argument instead of an empty-string argument, which allows remote attackers to cause a denial of service (application crash) via a crafted PNG image." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "49660", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49660" + }, + { + "name": "48660", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/48660" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=720608", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=720608" + }, + { + "name": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commit;h=9dad5e37aef295b4ef8dea39392b652deebc9261", + "refsource": "CONFIRM", + "url": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commit;h=9dad5e37aef295b4ef8dea39392b652deebc9261" + }, + { + "name": "45046", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45046" + }, + { + "name": "libpng-pngdefaulterror-dos(68537)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68537" + }, + { + "name": "MDVSA-2011:151", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:151" + }, + { + "name": "GLSA-201206-15", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201206-15.xml" + }, + { + "name": "http://www.libpng.org/pub/png/libpng.html", + "refsource": "CONFIRM", + "url": "http://www.libpng.org/pub/png/libpng.html" + }, + { + "name": "FEDORA-2011-9336", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063118.html" + }, + { + "name": "DSA-2287", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2287" + }, + { + "name": "APPLE-SA-2011-10-12-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html" + }, + { + "name": "45405", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45405" + }, + { + "name": "[oss-security] 20110713 Security issues fixed in libpng 1.5.4", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/07/13/2" + }, + { + "name": "SSRT100852", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=133951357207000&w=2" + }, + { + "name": "http://support.apple.com/kb/HT5002", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5002" + }, + { + "name": "45492", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45492" + }, + { + "name": "HPSBMU02776", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=133951357207000&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2842.json b/2011/2xxx/CVE-2011-2842.json index 1b1fcdcafa2..b5530c1d78c 100644 --- a/2011/2xxx/CVE-2011-2842.json +++ b/2011/2xxx/CVE-2011-2842.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2842", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The installer in Google Chrome before 14.0.835.163 on Mac OS X does not properly handle lock files, which has unspecified impact and attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2011-2842", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=80680", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=80680" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html" - }, - { - "name" : "75542", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/75542" - }, - { - "name" : "oval:org.mitre.oval:def:14428", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14428" - }, - { - "name" : "chrome-installer-sec-bypass(69869)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/69869" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The installer in Google Chrome before 14.0.835.163 on Mac OS X does not properly handle lock files, which has unspecified impact and attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "chrome-installer-sec-bypass(69869)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69869" + }, + { + "name": "75542", + "refsource": "OSVDB", + "url": "http://osvdb.org/75542" + }, + { + "name": "oval:org.mitre.oval:def:14428", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14428" + }, + { + "name": "http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=80680", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=80680" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3262.json b/2011/3xxx/CVE-2011-3262.json index c76999bc0bc..aab463e894c 100644 --- a/2011/3xxx/CVE-2011-3262.json +++ b/2011/3xxx/CVE-2011-3262.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3262", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allows local users to cause a denial of service (management software infinite loop and management domain resource consumption) via unspecified vectors related to \"Lack of error checking in the decompression loop.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3262", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[Xen-devel] 20110509 Re: Xen security advisory CVE-2011-1583 - pv kernel image validation", - "refsource" : "MLIST", - "url" : "http://lists.xensource.com/archives/html/xen-devel/2011-05/msg00491.html" - }, - { - "name" : "[Xen-devel] 20110509 Xen security advisory CVE-2011-1583 - pv kernel image validation", - "refsource" : "MLIST", - "url" : "http://lists.xensource.com/archives/html/xen-devel/2011-05/msg00483.html" - }, - { - "name" : "GLSA-201309-24", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201309-24.xml" - }, - { - "name" : "55082", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55082" - }, - { - "name" : "xen-xcdombzimageloader-dos(69381)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/69381" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allows local users to cause a denial of service (management software infinite loop and management domain resource consumption) via unspecified vectors related to \"Lack of error checking in the decompression loop.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "55082", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55082" + }, + { + "name": "GLSA-201309-24", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201309-24.xml" + }, + { + "name": "[Xen-devel] 20110509 Xen security advisory CVE-2011-1583 - pv kernel image validation", + "refsource": "MLIST", + "url": "http://lists.xensource.com/archives/html/xen-devel/2011-05/msg00483.html" + }, + { + "name": "xen-xcdombzimageloader-dos(69381)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69381" + }, + { + "name": "[Xen-devel] 20110509 Re: Xen security advisory CVE-2011-1583 - pv kernel image validation", + "refsource": "MLIST", + "url": "http://lists.xensource.com/archives/html/xen-devel/2011-05/msg00491.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3351.json b/2011/3xxx/CVE-2011-3351.json index 5a4dce52cb2..c75e4aec7cf 100644 --- a/2011/3xxx/CVE-2011-3351.json +++ b/2011/3xxx/CVE-2011-3351.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3351", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3351", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3420.json b/2011/3xxx/CVE-2011-3420.json index e662f73c814..01fbc1a1cda 100644 --- a/2011/3xxx/CVE-2011-3420.json +++ b/2011/3xxx/CVE-2011-3420.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3420", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in Google Chrome before 14.0.835.157 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3420", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2011/09/beta-channel-update-for-chromebooks_06.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2011/09/beta-channel-update-for-chromebooks_06.html" - }, - { - "name" : "75377", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/75377" - }, - { - "name" : "oval:org.mitre.oval:def:14032", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14032" - }, - { - "name" : "chrome-multiple-unspecified(69729)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/69729" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in Google Chrome before 14.0.835.157 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "chrome-multiple-unspecified(69729)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69729" + }, + { + "name": "http://googlechromereleases.blogspot.com/2011/09/beta-channel-update-for-chromebooks_06.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2011/09/beta-channel-update-for-chromebooks_06.html" + }, + { + "name": "oval:org.mitre.oval:def:14032", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14032" + }, + { + "name": "75377", + "refsource": "OSVDB", + "url": "http://osvdb.org/75377" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3558.json b/2011/3xxx/CVE-2011-3558.json index e57a1914702..4ea235a120a 100644 --- a/2011/3xxx/CVE-2011-3558.json +++ b/2011/3xxx/CVE-2011-3558.json @@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3558", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to HotSpot." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2011-3558", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html" - }, - { - "name" : "http://www.ibm.com/developerworks/java/jdk/alerts/", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/developerworks/java/jdk/alerts/" - }, - { - "name" : "GLSA-201406-32", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml" - }, - { - "name" : "HPSBUX02730", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=132750579901589&w=2" - }, - { - "name" : "SSRT100710", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=132750579901589&w=2" - }, - { - "name" : "HPSBMU02797", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134254957702612&w=2" - }, - { - "name" : "SSRT100867", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134254957702612&w=2" - }, - { - "name" : "HPSBMU02799", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134254866602253&w=2" - }, - { - "name" : "RHSA-2011:1384", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-1384.html" - }, - { - "name" : "USN-1263-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1263-1" - }, - { - "name" : "50242", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/50242" - }, - { - "name" : "76510", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/76510" - }, - { - "name" : "oval:org.mitre.oval:def:13475", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13475" - }, - { - "name" : "1026215", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026215" - }, - { - "name" : "48308", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48308" - }, - { - "name" : "oracle-java-hotspot-info-disc(70835)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/70835" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to HotSpot." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201406-32", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" + }, + { + "name": "HPSBMU02799", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134254866602253&w=2" + }, + { + "name": "50242", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/50242" + }, + { + "name": "48308", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48308" + }, + { + "name": "HPSBUX02730", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=132750579901589&w=2" + }, + { + "name": "SSRT100710", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=132750579901589&w=2" + }, + { + "name": "RHSA-2011:1384", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-1384.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html" + }, + { + "name": "SSRT100867", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134254957702612&w=2" + }, + { + "name": "76510", + "refsource": "OSVDB", + "url": "http://osvdb.org/76510" + }, + { + "name": "1026215", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026215" + }, + { + "name": "USN-1263-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1263-1" + }, + { + "name": "oval:org.mitre.oval:def:13475", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13475" + }, + { + "name": "HPSBMU02797", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134254957702612&w=2" + }, + { + "name": "http://www.ibm.com/developerworks/java/jdk/alerts/", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/developerworks/java/jdk/alerts/" + }, + { + "name": "oracle-java-hotspot-info-disc(70835)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70835" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4290.json b/2011/4xxx/CVE-2011-4290.json index 7bbeabdf347..b86080760fd 100644 --- a/2011/4xxx/CVE-2011-4290.json +++ b/2011/4xxx/CVE-2011-4290.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4290", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in lib/weblib.php in Moodle 1.9.x before 1.9.12 allow remote attackers to inject arbitrary web script or HTML via vectors related to URL encoding." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-4290", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20111113 Re: Fwd: DSA 2338-1 moodle security update", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/11/14/1" - }, - { - "name" : "http://git.moodle.org/gw?p=moodle.git;a=commit;h=5a3010310bff0b3946804a72ca2d6bc166a0028f", - "refsource" : "CONFIRM", - "url" : "http://git.moodle.org/gw?p=moodle.git;a=commit;h=5a3010310bff0b3946804a72ca2d6bc166a0028f" - }, - { - "name" : "http://moodle.org/mod/forum/discuss.php?d=175592", - "refsource" : "CONFIRM", - "url" : "http://moodle.org/mod/forum/discuss.php?d=175592" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in lib/weblib.php in Moodle 1.9.x before 1.9.12 allow remote attackers to inject arbitrary web script or HTML via vectors related to URL encoding." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20111113 Re: Fwd: DSA 2338-1 moodle security update", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/11/14/1" + }, + { + "name": "http://git.moodle.org/gw?p=moodle.git;a=commit;h=5a3010310bff0b3946804a72ca2d6bc166a0028f", + "refsource": "CONFIRM", + "url": "http://git.moodle.org/gw?p=moodle.git;a=commit;h=5a3010310bff0b3946804a72ca2d6bc166a0028f" + }, + { + "name": "http://moodle.org/mod/forum/discuss.php?d=175592", + "refsource": "CONFIRM", + "url": "http://moodle.org/mod/forum/discuss.php?d=175592" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4573.json b/2011/4xxx/CVE-2011-4573.json index b006f516ce9..4f13c7f51b9 100644 --- a/2011/4xxx/CVE-2011-4573.json +++ b/2011/4xxx/CVE-2011-4573.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4573", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Red Hat JBoss Operations Network (JON) before 2.4.2 does not properly enforce \"modify resource\" permissions for remote authenticated users when deleting a plug-in configuration update from the group connection properties history, which prevents such activities from being recorded in the audit trail." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-4573", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=760024", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=760024" - }, - { - "name" : "RHSA-2012:0089", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-0089.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Red Hat JBoss Operations Network (JON) before 2.4.2 does not properly enforce \"modify resource\" permissions for remote authenticated users when deleting a plug-in configuration update from the group connection properties history, which prevents such activities from being recorded in the audit trail." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=760024", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=760024" + }, + { + "name": "RHSA-2012:0089", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-0089.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1093.json b/2013/1xxx/CVE-2013-1093.json index 358c658d002..f49be74664b 100644 --- a/2013/1xxx/CVE-2013-1093.json +++ b/2013/1xxx/CVE-2013-1093.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1093", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Open redirect vulnerability in the fwdToURL function in the ZCC login page in zcc-framework.jar in Novell ZENworks Configuration Management (ZCM) 11.2 before 11.2.3a Monthly Update 1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the directToPage parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-1093", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.novell.com/support/kb/doc.php?id=7012025", - "refsource" : "CONFIRM", - "url" : "http://www.novell.com/support/kb/doc.php?id=7012025" - }, - { - "name" : "http://www.novell.com/support/kb/doc.php?id=7012499", - "refsource" : "CONFIRM", - "url" : "http://www.novell.com/support/kb/doc.php?id=7012499" - }, - { - "name" : "http://www.novell.com/support/kb/doc.php?id=7012027", - "refsource" : "CONFIRM", - "url" : "http://www.novell.com/support/kb/doc.php?id=7012027" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Open redirect vulnerability in the fwdToURL function in the ZCC login page in zcc-framework.jar in Novell ZENworks Configuration Management (ZCM) 11.2 before 11.2.3a Monthly Update 1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the directToPage parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.novell.com/support/kb/doc.php?id=7012027", + "refsource": "CONFIRM", + "url": "http://www.novell.com/support/kb/doc.php?id=7012027" + }, + { + "name": "http://www.novell.com/support/kb/doc.php?id=7012025", + "refsource": "CONFIRM", + "url": "http://www.novell.com/support/kb/doc.php?id=7012025" + }, + { + "name": "http://www.novell.com/support/kb/doc.php?id=7012499", + "refsource": "CONFIRM", + "url": "http://www.novell.com/support/kb/doc.php?id=7012499" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1112.json b/2013/1xxx/CVE-2013-1112.json index d57f088de9f..91450c6200a 100644 --- a/2013/1xxx/CVE-2013-1112.json +++ b/2013/1xxx/CVE-2013-1112.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1112", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Carrier Routing System (CRS) allows remote attackers to cause a denial of service (packet loss) via short malformed packets that trigger inefficient processing, aka Bug ID CSCud79136." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2013-1112", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130125 Cisco Carrier Routing System Small Packets Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1112" - }, - { - "name" : "57604", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/57604" - }, - { - "name" : "89643", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/89643" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco Carrier Routing System (CRS) allows remote attackers to cause a denial of service (packet loss) via short malformed packets that trigger inefficient processing, aka Bug ID CSCud79136." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "57604", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/57604" + }, + { + "name": "89643", + "refsource": "OSVDB", + "url": "http://osvdb.org/89643" + }, + { + "name": "20130125 Cisco Carrier Routing System Small Packets Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1112" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1278.json b/2013/1xxx/CVE-2013-1278.json index 237f35e27d8..fce3689d996 100644 --- a/2013/1xxx/CVE-2013-1278.json +++ b/2013/1xxx/CVE-2013-1278.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1278", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages incorrect handling of objects in memory, aka \"Kernel Race Condition Vulnerability,\" a different vulnerability than CVE-2013-1279." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2013-1278", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS13-017", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-017" - }, - { - "name" : "TA13-043B", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA13-043B.html" - }, - { - "name" : "oval:org.mitre.oval:def:16313", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16313" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages incorrect handling of objects in memory, aka \"Kernel Race Condition Vulnerability,\" a different vulnerability than CVE-2013-1279." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS13-017", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-017" + }, + { + "name": "oval:org.mitre.oval:def:16313", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16313" + }, + { + "name": "TA13-043B", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA13-043B.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1516.json b/2013/1xxx/CVE-2013-1516.json index da71d54bcd1..ca7c93470df 100644 --- a/2013/1xxx/CVE-2013-1516.json +++ b/2013/1xxx/CVE-2013-1516.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1516", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle WebCenter Capture component in Oracle Fusion Middleware 10.1.3.5.1 allows remote authenticated users to affect availability via unknown vectors related to Import Server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-1516", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle WebCenter Capture component in Oracle Fusion Middleware 10.1.3.5.1 allows remote authenticated users to affect availability via unknown vectors related to Import Server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1963.json b/2013/1xxx/CVE-2013-1963.json index 7110d56e19b..de2b999ba11 100644 --- a/2013/1xxx/CVE-2013-1963.json +++ b/2013/1xxx/CVE-2013-1963.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1963", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The contacts application in ownCloud before 4.5.10 and 5.x before 5.0.5 does not properly check the ownership of contacts, which allows remote authenticated users to download arbitrary contacts via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-1963", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://owncloud.org/about/security/advisories/oC-SA-2013-018/", - "refsource" : "CONFIRM", - "url" : "http://owncloud.org/about/security/advisories/oC-SA-2013-018/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The contacts application in ownCloud before 4.5.10 and 5.x before 5.0.5 does not properly check the ownership of contacts, which allows remote authenticated users to download arbitrary contacts via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://owncloud.org/about/security/advisories/oC-SA-2013-018/", + "refsource": "CONFIRM", + "url": "http://owncloud.org/about/security/advisories/oC-SA-2013-018/" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5040.json b/2013/5xxx/CVE-2013-5040.json index bbc69ae43df..f5a70bc7e88 100644 --- a/2013/5xxx/CVE-2013-5040.json +++ b/2013/5xxx/CVE-2013-5040.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5040", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5040", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5089.json b/2013/5xxx/CVE-2013-5089.json index 25f99e1bbac..53ee3deefc8 100644 --- a/2013/5xxx/CVE-2013-5089.json +++ b/2013/5xxx/CVE-2013-5089.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5089", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-5089", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5246.json b/2013/5xxx/CVE-2013-5246.json index 24a511f9c95..299331c0da5 100644 --- a/2013/5xxx/CVE-2013-5246.json +++ b/2013/5xxx/CVE-2013-5246.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5246", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5246", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5598.json b/2013/5xxx/CVE-2013-5598.json index 4be6440eb51..eb76ad62f38 100644 --- a/2013/5xxx/CVE-2013-5598.json +++ b/2013/5xxx/CVE-2013-5598.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5598", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PDF.js in Mozilla Firefox before 25.0 and Firefox ESR 24.x before 24.1 does not properly handle the appending of an IFRAME element, which allows remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges by using this element within an embedded PDF object." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2013-5598", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2013/mfsa2013-99.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2013/mfsa2013-99.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=920515", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=920515" - }, - { - "name" : "GLSA-201504-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201504-01" - }, - { - "name" : "openSUSE-SU-2013:1634", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00006.html" - }, - { - "name" : "openSUSE-SU-2013:1633", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html" - }, - { - "name" : "oval:org.mitre.oval:def:19133", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19133" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PDF.js in Mozilla Firefox before 25.0 and Firefox ESR 24.x before 24.1 does not properly handle the appending of an IFRAME element, which allows remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges by using this element within an embedded PDF object." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2013:1633", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html" + }, + { + "name": "GLSA-201504-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201504-01" + }, + { + "name": "openSUSE-SU-2013:1634", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00006.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=920515", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=920515" + }, + { + "name": "oval:org.mitre.oval:def:19133", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19133" + }, + { + "name": "http://www.mozilla.org/security/announce/2013/mfsa2013-99.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-99.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2337.json b/2014/2xxx/CVE-2014-2337.json index ba5d54492d8..e83dcf767a9 100644 --- a/2014/2xxx/CVE-2014-2337.json +++ b/2014/2xxx/CVE-2014-2337.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2337", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2337", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2374.json b/2014/2xxx/CVE-2014-2374.json index 7a74b289e19..a32e43ee231 100644 --- a/2014/2xxx/CVE-2014-2374.json +++ b/2014/2xxx/CVE-2014-2374.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2374", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The AXN-NET Ethernet module accessory 3.04 for the Accuenergy Acuvim II allows remote attackers to discover passwords and modify settings via vectors involving JavaScript." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2014-2374", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-14-275-02", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-14-275-02" - }, - { - "name" : "http://www.accuenergy.com/firmware-update-axm-net", - "refsource" : "CONFIRM", - "url" : "http://www.accuenergy.com/firmware-update-axm-net" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The AXN-NET Ethernet module accessory 3.04 for the Accuenergy Acuvim II allows remote attackers to discover passwords and modify settings via vectors involving JavaScript." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.accuenergy.com/firmware-update-axm-net", + "refsource": "CONFIRM", + "url": "http://www.accuenergy.com/firmware-update-axm-net" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-275-02", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-275-02" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2827.json b/2014/2xxx/CVE-2014-2827.json index d10a23d95fd..dc561e9f75c 100644 --- a/2014/2xxx/CVE-2014-2827.json +++ b/2014/2xxx/CVE-2014-2827.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2827", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2774, CVE-2014-2820, CVE-2014-2826, and CVE-2014-4063." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-2827", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS14-051", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-051" - }, - { - "name" : "69124", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69124" - }, - { - "name" : "1030715", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030715" - }, - { - "name" : "60670", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60670" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2774, CVE-2014-2820, CVE-2014-2826, and CVE-2014-4063." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1030715", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030715" + }, + { + "name": "MS14-051", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-051" + }, + { + "name": "60670", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60670" + }, + { + "name": "69124", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69124" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6139.json b/2014/6xxx/CVE-2014-6139.json index 0aada7b6208..e6edb2d1925 100644 --- a/2014/6xxx/CVE-2014-6139.json +++ b/2014/6xxx/CVE-2014-6139.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6139", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Search REST API in IBM Business Process Manager 8.0.1.3, 8.5.0.1, and 8.5.5.0 allows remote authenticated users to bypass intended access restrictions and perform task-instance and process-instance searches by specifying a false value for the filterByCurrentUser parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-6139", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "JR51391", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1JR51391" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Search REST API in IBM Business Process Manager 8.0.1.3, 8.5.0.1, and 8.5.5.0 allows remote authenticated users to bypass intended access restrictions and perform task-instance and process-instance searches by specifying a false value for the filterByCurrentUser parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JR51391", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR51391" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6502.json b/2014/6xxx/CVE-2014-6502.json index 4f3c9b50705..5ddf63f1897 100644 --- a/2014/6xxx/CVE-2014-6502.json +++ b/2014/6xxx/CVE-2014-6502.json @@ -1,282 +1,282 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6502", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Libraries." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-6502", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" - }, - { - "name" : "http://linux.oracle.com/errata/ELSA-2014-1633.html", - "refsource" : "CONFIRM", - "url" : "http://linux.oracle.com/errata/ELSA-2014-1633.html" - }, - { - "name" : "http://linux.oracle.com/errata/ELSA-2014-1634.html", - "refsource" : "CONFIRM", - "url" : "http://linux.oracle.com/errata/ELSA-2014-1634.html" - }, - { - "name" : "http://linux.oracle.com/errata/ELSA-2014-1636", - "refsource" : "CONFIRM", - "url" : "http://linux.oracle.com/errata/ELSA-2014-1636" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21688283", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21688283" - }, - { - "name" : "DSA-3077", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-3077" - }, - { - "name" : "DSA-3080", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-3080" - }, - { - "name" : "GLSA-201502-12", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201502-12.xml" - }, - { - "name" : "HPSBUX03218", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141775382904016&w=2" - }, - { - "name" : "SSRT101770", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=141775382904016&w=2" - }, - { - "name" : "RHSA-2014:1620", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1620.html" - }, - { - "name" : "RHSA-2014:1633", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1633.html" - }, - { - "name" : "RHSA-2014:1634", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1634.html" - }, - { - "name" : "RHSA-2014:1636", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1636.html" - }, - { - "name" : "RHSA-2014:1657", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1657.html" - }, - { - "name" : "RHSA-2014:1658", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1658.html" - }, - { - "name" : "RHSA-2014:1876", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1876.html" - }, - { - "name" : "RHSA-2014:1877", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1877.html" - }, - { - "name" : "RHSA-2014:1880", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1880.html" - }, - { - "name" : "RHSA-2014:1881", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1881.html" - }, - { - "name" : "RHSA-2014:1882", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1882.html" - }, - { - "name" : "RHSA-2015:0264", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0264.html" - }, - { - "name" : "SUSE-SU-2014:1422", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00013.html" - }, - { - "name" : "SUSE-SU-2014:1526", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00021.html" - }, - { - "name" : "SUSE-SU-2014:1549", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00002.html" - }, - { - "name" : "SUSE-SU-2015:0344", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html" - }, - { - "name" : "SUSE-SU-2015:0345", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00027.html" - }, - { - "name" : "SUSE-SU-2015:0376", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00033.html" - }, - { - "name" : "SUSE-SU-2015:0392", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html" - }, - { - "name" : "USN-2386-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2386-1" - }, - { - "name" : "USN-2388-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2388-1" - }, - { - "name" : "USN-2388-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2388-2" - }, - { - "name" : "70533", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70533" - }, - { - "name" : "60414", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60414" - }, - { - "name" : "60416", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60416" - }, - { - "name" : "60417", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60417" - }, - { - "name" : "61018", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61018" - }, - { - "name" : "61020", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61020" - }, - { - "name" : "61143", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61143" - }, - { - "name" : "61629", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61629" - }, - { - "name" : "61163", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61163" - }, - { - "name" : "61164", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61164" - }, - { - "name" : "61346", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61346" - }, - { - "name" : "61609", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61609" - }, - { - "name" : "61928", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61928" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Libraries." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "60414", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60414" + }, + { + "name": "RHSA-2014:1880", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1880.html" + }, + { + "name": "RHSA-2014:1657", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1657.html" + }, + { + "name": "RHSA-2014:1877", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1877.html" + }, + { + "name": "61609", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61609" + }, + { + "name": "70533", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70533" + }, + { + "name": "61928", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61928" + }, + { + "name": "61163", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61163" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21688283", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21688283" + }, + { + "name": "USN-2386-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2386-1" + }, + { + "name": "http://linux.oracle.com/errata/ELSA-2014-1633.html", + "refsource": "CONFIRM", + "url": "http://linux.oracle.com/errata/ELSA-2014-1633.html" + }, + { + "name": "USN-2388-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2388-1" + }, + { + "name": "HPSBUX03218", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141775382904016&w=2" + }, + { + "name": "RHSA-2014:1881", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1881.html" + }, + { + "name": "61629", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61629" + }, + { + "name": "SUSE-SU-2014:1549", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00002.html" + }, + { + "name": "61018", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61018" + }, + { + "name": "SUSE-SU-2015:0376", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00033.html" + }, + { + "name": "RHSA-2014:1876", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1876.html" + }, + { + "name": "http://linux.oracle.com/errata/ELSA-2014-1634.html", + "refsource": "CONFIRM", + "url": "http://linux.oracle.com/errata/ELSA-2014-1634.html" + }, + { + "name": "61346", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61346" + }, + { + "name": "RHSA-2015:0264", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0264.html" + }, + { + "name": "RHSA-2014:1634", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1634.html" + }, + { + "name": "USN-2388-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2388-2" + }, + { + "name": "SUSE-SU-2014:1422", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00013.html" + }, + { + "name": "DSA-3080", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-3080" + }, + { + "name": "SUSE-SU-2015:0392", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html" + }, + { + "name": "SUSE-SU-2014:1526", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00021.html" + }, + { + "name": "SUSE-SU-2015:0345", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00027.html" + }, + { + "name": "60416", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60416" + }, + { + "name": "RHSA-2014:1882", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1882.html" + }, + { + "name": "RHSA-2014:1633", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1633.html" + }, + { + "name": "RHSA-2014:1636", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1636.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" + }, + { + "name": "RHSA-2014:1658", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1658.html" + }, + { + "name": "61164", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61164" + }, + { + "name": "SSRT101770", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=141775382904016&w=2" + }, + { + "name": "DSA-3077", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-3077" + }, + { + "name": "http://linux.oracle.com/errata/ELSA-2014-1636", + "refsource": "CONFIRM", + "url": "http://linux.oracle.com/errata/ELSA-2014-1636" + }, + { + "name": "GLSA-201502-12", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201502-12.xml" + }, + { + "name": "61020", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61020" + }, + { + "name": "61143", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61143" + }, + { + "name": "SUSE-SU-2015:0344", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html" + }, + { + "name": "60417", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60417" + }, + { + "name": "RHSA-2014:1620", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1620.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6736.json b/2014/6xxx/CVE-2014-6736.json index 9033960b237..054a17efff2 100644 --- a/2014/6xxx/CVE-2014-6736.json +++ b/2014/6xxx/CVE-2014-6736.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6736", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The EPL Hat Trick (aka com.hat.trick.goal) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6736", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#959137", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/959137" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The EPL Hat Trick (aka com.hat.trick.goal) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#959137", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/959137" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6783.json b/2014/6xxx/CVE-2014-6783.json index c51dfb4453a..cc02638218a 100644 --- a/2014/6xxx/CVE-2014-6783.json +++ b/2014/6xxx/CVE-2014-6783.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6783", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Campus Link - Campus TV HKUSU (aka com.campus.tv.hkusu) application 2.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6783", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#241849", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/241849" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Campus Link - Campus TV HKUSU (aka com.campus.tv.hkusu) application 2.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#241849", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/241849" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0343.json b/2017/0xxx/CVE-2017-0343.json index 2ef18540318..459d5e92bb4 100644 --- a/2017/0xxx/CVE-2017-0343.json +++ b/2017/0xxx/CVE-2017-0343.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@nvidia.com", - "ID" : "CVE-2017-0343", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "GPU Display Driver", - "version" : { - "version_data" : [ - { - "version_value" : "All versions" - } - ] - } - } - ] - }, - "vendor_name" : "Nvidia Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) where user can trigger a race condition due to lack of synchronization in two functions leading to a denial of service or potential escalation of privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service, Escalation of Privileges" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@nvidia.com", + "ID": "CVE-2017-0343", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "GPU Display Driver", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + }, + "vendor_name": "Nvidia Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4462", - "refsource" : "CONFIRM", - "url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4462" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) where user can trigger a race condition due to lack of synchronization in two functions leading to a denial of service or potential escalation of privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service, Escalation of Privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4462", + "refsource": "CONFIRM", + "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4462" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0559.json b/2017/0xxx/CVE-2017-0559.json index 657bad165e3..a431b90f0aa 100644 --- a/2017/0xxx/CVE-2017-0559.json +++ b/2017/0xxx/CVE-2017-0559.json @@ -1,90 +1,90 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-0559", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android-4.4.4" - }, - { - "version_value" : "Android-5.0.2" - }, - { - "version_value" : "Android-5.1.1" - }, - { - "version_value" : "Android-6.0" - }, - { - "version_value" : "Android-6.0.1" - }, - { - "version_value" : "Android-7.0" - }, - { - "version_value" : "Android-7.1.1" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An information disclosure vulnerability in libskia could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33897722." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2017-0559", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-4.4.4" + }, + { + "version_value": "Android-5.0.2" + }, + { + "version_value": "Android-5.1.1" + }, + { + "version_value": "Android-6.0" + }, + { + "version_value": "Android-6.0.1" + }, + { + "version_value": "Android-7.0" + }, + { + "version_value": "Android-7.1.1" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-04-01" - }, - { - "name" : "97352", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97352" - }, - { - "name" : "1038201", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038201" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability in libskia could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33897722." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-04-01" + }, + { + "name": "97352", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97352" + }, + { + "name": "1038201", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038201" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0652.json b/2017/0xxx/CVE-2017-0652.json index 6d322cd84f0..65e006c44ae 100644 --- a/2017/0xxx/CVE-2017-0652.json +++ b/2017/0xxx/CVE-2017-0652.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-0652", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-0652", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0714.json b/2017/0xxx/CVE-2017-0714.json index fb12d5677ee..6176b157e48 100644 --- a/2017/0xxx/CVE-2017-0714.json +++ b/2017/0xxx/CVE-2017-0714.json @@ -1,89 +1,89 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2017-08-07T00:00:00", - "ID" : "CVE-2017-0714", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "4.4.4" - }, - { - "version_value" : "5.0.2" - }, - { - "version_value" : "5.1.1" - }, - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "7.0" - }, - { - "version_value" : "7.1.1" - }, - { - "version_value" : "7.1.2" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability in the Android media framework (h263 decoder). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36492637." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote code execution" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2017-08-07T00:00:00", + "ID": "CVE-2017-0714", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "4.4.4" + }, + { + "version_value": "5.0.2" + }, + { + "version_value": "5.1.1" + }, + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "7.0" + }, + { + "version_value": "7.1.1" + }, + { + "version_value": "7.1.2" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-08-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-08-01" - }, - { - "name" : "100204", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100204" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability in the Android media framework (h263 decoder). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36492637." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "100204", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100204" + }, + { + "name": "https://source.android.com/security/bulletin/2017-08-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-08-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0946.json b/2017/0xxx/CVE-2017-0946.json index ec241b6eca6..5c95390fe55 100644 --- a/2017/0xxx/CVE-2017-0946.json +++ b/2017/0xxx/CVE-2017-0946.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-0946", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-0946", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000429.json b/2017/1000xxx/CVE-2017-1000429.json index f5a21c88310..7d530160a2a 100644 --- a/2017/1000xxx/CVE-2017-1000429.json +++ b/2017/1000xxx/CVE-2017-1000429.json @@ -1,64 +1,64 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-12-29", - "ID" : "CVE-2017-1000429", - "REQUESTER" : "l.lucifaer@gmail.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "finecms", - "version" : { - "version_data" : [ - { - "version_value" : "5.0.10" - } - ] - } - } - ] - }, - "vendor_name" : "personal/rui Li" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "rui Li finecms 5.0.10 is vulnerable to a reflected XSS in the file Weixin.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-79" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-12-29", + "ID": "CVE-2017-1000429", + "REQUESTER": "l.lucifaer@gmail.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://lucifaer.com/index.php/archives/35/", - "refsource" : "MISC", - "url" : "http://lucifaer.com/index.php/archives/35/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "rui Li finecms 5.0.10 is vulnerable to a reflected XSS in the file Weixin.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://lucifaer.com/index.php/archives/35/", + "refsource": "MISC", + "url": "http://lucifaer.com/index.php/archives/35/" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000457.json b/2017/1000xxx/CVE-2017-1000457.json index 914ab7718e6..c776530da5d 100644 --- a/2017/1000xxx/CVE-2017-1000457.json +++ b/2017/1000xxx/CVE-2017-1000457.json @@ -1,69 +1,69 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-12-29", - "ID" : "CVE-2017-1000457", - "REQUESTER" : "jarrod.farncomb@datacom.com.au", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "mojoPortal", - "version" : { - "version_data" : [ - { - "version_value" : "2.5.0.0" - } - ] - } - } - ] - }, - "vendor_name" : "mojoPortal" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Help.aspx in mojoPortal version 2.5.0.0 allows remote attackers to inject arbitrary web script or HTML via the helpkey parameter. Exploitation requires authenticated reflected cross-site scripting for user accounts assigned either the \"Administrators\" or \"Content Administrators\" role." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-79" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-12-29", + "ID": "CVE-2017-1000457", + "REQUESTER": "jarrod.farncomb@datacom.com.au", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/i7MEDIA/mojoportal/commit/5ea8129f74c80cbf1f68b9083c745cc8a685485d", - "refsource" : "MISC", - "url" : "https://github.com/i7MEDIA/mojoportal/commit/5ea8129f74c80cbf1f68b9083c745cc8a685485d" - }, - { - "name" : "https://www.mojoportal.com/mojoportal-2-6", - "refsource" : "MISC", - "url" : "https://www.mojoportal.com/mojoportal-2-6" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Help.aspx in mojoPortal version 2.5.0.0 allows remote attackers to inject arbitrary web script or HTML via the helpkey parameter. Exploitation requires authenticated reflected cross-site scripting for user accounts assigned either the \"Administrators\" or \"Content Administrators\" role." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.mojoportal.com/mojoportal-2-6", + "refsource": "MISC", + "url": "https://www.mojoportal.com/mojoportal-2-6" + }, + { + "name": "https://github.com/i7MEDIA/mojoportal/commit/5ea8129f74c80cbf1f68b9083c745cc8a685485d", + "refsource": "MISC", + "url": "https://github.com/i7MEDIA/mojoportal/commit/5ea8129f74c80cbf1f68b9083c745cc8a685485d" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000489.json b/2017/1000xxx/CVE-2017-1000489.json index ca8c4b676c3..d8793897235 100644 --- a/2017/1000xxx/CVE-2017-1000489.json +++ b/2017/1000xxx/CVE-2017-1000489.json @@ -1,64 +1,64 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-12-29", - "ID" : "CVE-2017-1000489", - "REQUESTER" : "alan.hartless@mautic.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Mautic", - "version" : { - "version_data" : [ - { - "version_value" : "2.0.0 - 2.11.0" - } - ] - } - } - ] - }, - "vendor_name" : "Mautic" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mautic versions 2.0.0 - 2.11.0 with a SSO plugin installed could allow a disabled user to still login using email address" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Incorrect Access Control" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-12-29", + "ID": "CVE-2017-1000489", + "REQUESTER": "alan.hartless@mautic.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/mautic/mautic/releases/tag/2.12.0", - "refsource" : "CONFIRM", - "url" : "https://github.com/mautic/mautic/releases/tag/2.12.0" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mautic versions 2.0.0 - 2.11.0 with a SSO plugin installed could allow a disabled user to still login using email address" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/mautic/mautic/releases/tag/2.12.0", + "refsource": "CONFIRM", + "url": "https://github.com/mautic/mautic/releases/tag/2.12.0" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18237.json b/2017/18xxx/CVE-2017-18237.json index 33fb70e96e3..0b6a97fd992 100644 --- a/2017/18xxx/CVE-2017-18237.json +++ b/2017/18xxx/CVE-2017-18237.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-18237", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Exempi before 2.4.3. The PostScript_Support::ConvertToDate function in XMPFiles/source/FormatSupport/PostScript_Support.cpp allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via a crafted .ps file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-18237", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.freedesktop.org/show_bug.cgi?id=101914", - "refsource" : "CONFIRM", - "url" : "https://bugs.freedesktop.org/show_bug.cgi?id=101914" - }, - { - "name" : "https://cgit.freedesktop.org/exempi/commit/?id=f19d0107fbae1fb41836cd110d4425e407e64048", - "refsource" : "CONFIRM", - "url" : "https://cgit.freedesktop.org/exempi/commit/?id=f19d0107fbae1fb41836cd110d4425e407e64048" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Exempi before 2.4.3. The PostScript_Support::ConvertToDate function in XMPFiles/source/FormatSupport/PostScript_Support.cpp allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via a crafted .ps file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.freedesktop.org/show_bug.cgi?id=101914", + "refsource": "CONFIRM", + "url": "https://bugs.freedesktop.org/show_bug.cgi?id=101914" + }, + { + "name": "https://cgit.freedesktop.org/exempi/commit/?id=f19d0107fbae1fb41836cd110d4425e407e64048", + "refsource": "CONFIRM", + "url": "https://cgit.freedesktop.org/exempi/commit/?id=f19d0107fbae1fb41836cd110d4425e407e64048" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1505.json b/2017/1xxx/CVE-2017-1505.json index e4030ede015..2cfb8ca6a68 100644 --- a/2017/1xxx/CVE-2017-1505.json +++ b/2017/1xxx/CVE-2017-1505.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1505", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1505", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1571.json b/2017/1xxx/CVE-2017-1571.json index 39a0b5424a8..bba69891aa8 100644 --- a/2017/1xxx/CVE-2017-1571.json +++ b/2017/1xxx/CVE-2017-1571.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-03-14T00:00:00", - "ID" : "CVE-2017-1571", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "DB2 for Linux, UNIX and Windows", - "version" : { - "version_data" : [ - { - "version_value" : "10.5" - }, - { - "version_value" : "10.1" - }, - { - "version_value" : "9.7" - }, - { - "version_value" : "11.1" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 131853." - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "N", - "AC" : "H", - "AV" : "L", - "C" : "H", - "I" : "N", - "PR" : "N", - "S" : "U", - "SCORE" : "5.100", - "UI" : "N" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-03-14T00:00:00", + "ID": "CVE-2017-1571", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "DB2 for Linux, UNIX and Windows", + "version": { + "version_data": [ + { + "version_value": "10.5" + }, + { + "version_value": "10.1" + }, + { + "version_value": "9.7" + }, + { + "version_value": "11.1" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/131853", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/131853" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22012948", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22012948" - }, - { - "name" : "103494", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103494" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 131853." + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "N", + "AC": "H", + "AV": "L", + "C": "H", + "I": "N", + "PR": "N", + "S": "U", + "SCORE": "5.100", + "UI": "N" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "103494", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103494" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22012948", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22012948" + }, + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/131853", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/131853" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1902.json b/2017/1xxx/CVE-2017-1902.json index 9710e9ed061..2feb5f8addd 100644 --- a/2017/1xxx/CVE-2017-1902.json +++ b/2017/1xxx/CVE-2017-1902.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1902", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-1902", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4137.json b/2017/4xxx/CVE-2017-4137.json index f6e19a8b9cd..bc909af03a5 100644 --- a/2017/4xxx/CVE-2017-4137.json +++ b/2017/4xxx/CVE-2017-4137.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4137", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4137", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4436.json b/2017/4xxx/CVE-2017-4436.json index d11cf670feb..016b6a8b5e6 100644 --- a/2017/4xxx/CVE-2017-4436.json +++ b/2017/4xxx/CVE-2017-4436.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4436", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4436", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4605.json b/2017/4xxx/CVE-2017-4605.json index a7c0e5b1660..72f7933fa45 100644 --- a/2017/4xxx/CVE-2017-4605.json +++ b/2017/4xxx/CVE-2017-4605.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4605", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4605", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4650.json b/2017/4xxx/CVE-2017-4650.json index 2fe8923494c..af2d34355b7 100644 --- a/2017/4xxx/CVE-2017-4650.json +++ b/2017/4xxx/CVE-2017-4650.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4650", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4650", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file