From 732348cfcff1890fa657e0ffd0add8ed916c2913 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Sun, 17 Mar 2019 21:40:37 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2006/3xxx/CVE-2006-3002.json | 170 +++++++++---------- 2006/3xxx/CVE-2006-3057.json | 170 +++++++++---------- 2006/3xxx/CVE-2006-3977.json | 160 +++++++++--------- 2006/4xxx/CVE-2006-4036.json | 190 ++++++++++----------- 2006/4xxx/CVE-2006-4424.json | 170 +++++++++---------- 2006/4xxx/CVE-2006-4639.json | 150 ++++++++--------- 2006/4xxx/CVE-2006-4835.json | 140 ++++++++-------- 2006/6xxx/CVE-2006-6244.json | 160 +++++++++--------- 2006/6xxx/CVE-2006-6686.json | 150 ++++++++--------- 2006/6xxx/CVE-2006-6933.json | 130 +++++++-------- 2006/7xxx/CVE-2006-7141.json | 150 ++++++++--------- 2006/7xxx/CVE-2006-7165.json | 160 +++++++++--------- 2010/2xxx/CVE-2010-2138.json | 140 ++++++++-------- 2010/2xxx/CVE-2010-2304.json | 34 ++-- 2010/2xxx/CVE-2010-2667.json | 190 ++++++++++----------- 2011/0xxx/CVE-2011-0168.json | 180 ++++++++++---------- 2011/0xxx/CVE-2011-0267.json | 200 +++++++++++------------ 2011/0xxx/CVE-2011-0371.json | 34 ++-- 2011/0xxx/CVE-2011-0604.json | 200 +++++++++++------------ 2011/0xxx/CVE-2011-0696.json | 290 ++++++++++++++++----------------- 2011/1xxx/CVE-2011-1216.json | 170 +++++++++---------- 2011/1xxx/CVE-2011-1474.json | 34 ++-- 2011/1xxx/CVE-2011-1523.json | 200 +++++++++++------------ 2011/1xxx/CVE-2011-1556.json | 170 +++++++++---------- 2011/1xxx/CVE-2011-1639.json | 34 ++-- 2011/4xxx/CVE-2011-4164.json | 140 ++++++++-------- 2011/4xxx/CVE-2011-4176.json | 34 ++-- 2011/4xxx/CVE-2011-4275.json | 140 ++++++++-------- 2011/4xxx/CVE-2011-4378.json | 34 ++-- 2011/4xxx/CVE-2011-4842.json | 34 ++-- 2011/4xxx/CVE-2011-4939.json | 170 +++++++++---------- 2011/5xxx/CVE-2011-5005.json | 130 +++++++-------- 2014/2xxx/CVE-2014-2275.json | 34 ++-- 2014/2xxx/CVE-2014-2463.json | 120 +++++++------- 2014/3xxx/CVE-2014-3822.json | 130 +++++++-------- 2014/3xxx/CVE-2014-3956.json | 280 +++++++++++++++---------------- 2014/3xxx/CVE-2014-3959.json | 160 
+++++++++--------- 2014/6xxx/CVE-2014-6746.json | 140 ++++++++-------- 2014/6xxx/CVE-2014-6898.json | 140 ++++++++-------- 2014/7xxx/CVE-2014-7554.json | 140 ++++++++-------- 2014/7xxx/CVE-2014-7559.json | 140 ++++++++-------- 2014/7xxx/CVE-2014-7784.json | 140 ++++++++-------- 2016/2xxx/CVE-2016-2000.json | 120 +++++++------- 2017/0xxx/CVE-2017-0789.json | 132 +++++++-------- 2017/0xxx/CVE-2017-0845.json | 158 +++++++++--------- 2017/18xxx/CVE-2017-18010.json | 140 ++++++++-------- 2017/18xxx/CVE-2017-18141.json | 130 +++++++-------- 2017/1xxx/CVE-2017-1079.json | 34 ++-- 2017/1xxx/CVE-2017-1353.json | 156 +++++++++--------- 2017/1xxx/CVE-2017-1507.json | 130 +++++++-------- 2017/1xxx/CVE-2017-1562.json | 288 ++++++++++++++++---------------- 2017/1xxx/CVE-2017-1732.json | 172 +++++++++---------- 2017/5xxx/CVE-2017-5049.json | 130 +++++++-------- 2017/5xxx/CVE-2017-5339.json | 34 ++-- 2017/5xxx/CVE-2017-5836.json | 150 ++++++++--------- 2017/5xxx/CVE-2017-5963.json | 130 +++++++-------- 56 files changed, 3893 insertions(+), 3893 deletions(-) diff --git a/2006/3xxx/CVE-2006-3002.json b/2006/3xxx/CVE-2006-3002.json index 4bc33706592..65ac1598ded 100644 --- a/2006/3xxx/CVE-2006-3002.json +++ b/2006/3xxx/CVE-2006-3002.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3002", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in details.php in Easy Ad-Manager allows remote attackers to inject arbitrary web script or HTML via the mbid parameter, which is reflected in an error message. NOTE: on 20060829, the vendor notified CVE that this issue has been fixed." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3002", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060608 Easy Ad-Manager", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/436413" - }, - { - "name" : "18339", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18339" - }, - { - "name" : "ADV-2006-2248", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2248" - }, - { - "name" : "20539", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20539" - }, - { - "name" : "1079", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1079" - }, - { - "name" : "easyadmanager-details-xss(27109)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/27109" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in details.php in Easy Ad-Manager allows remote attackers to inject arbitrary web script or HTML via the mbid parameter, which is reflected in an error message. NOTE: on 20060829, the vendor notified CVE that this issue has been fixed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18339", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18339" + }, + { + "name": "easyadmanager-details-xss(27109)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27109" + }, + { + "name": "ADV-2006-2248", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2248" + }, + { + "name": "1079", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1079" + }, + { + "name": "20060608 Easy Ad-Manager", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/436413" + }, + { + "name": "20539", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20539" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3057.json b/2006/3xxx/CVE-2006-3057.json index f32133177cd..8a458dfaace 100644 --- a/2006/3xxx/CVE-2006-3057.json +++ b/2006/3xxx/CVE-2006-3057.json 
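Review bot: The new side of this file ends with `\ No newline at end of file`, so the rewrite drops the final newline after the closing `}`; the same marker closes every other file section visible in this patch. The six `reference_data` entries are the same as before, only in a different order, and the rest of the hunk changes `"key" : value` to `"key": value` with new indentation, so the record appears semantically unchanged although the whole file is rewritten. With 3893 insertions and deletions of this kind, a substantive edit to a description or reference URL would be hard to spot in review. Emitting references in a stable order and keeping the trailing newline would limit future sync diffs to real content changes.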
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3057", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in NetworkManager daemon for DHCP (dhcdbd) allows remote attackers to cause a denial of service (crash) via certain invalid DHCP responses that trigger memory corruption." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3057", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "SUSE-SR:2006:015", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_38_security.html" - }, - { - "name" : "USN-299-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/299-1/" - }, - { - "name" : "18459", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18459" - }, - { - "name" : "20754", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20754" - }, - { - "name" : "20899", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20899" - }, - { - "name" : "dhcdbd-dhcp-response-dos(27291)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27291" - } - ] - } -} + } + }, + "data_format": 
"MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in NetworkManager daemon for DHCP (dhcdbd) allows remote attackers to cause a denial of service (crash) via certain invalid DHCP responses that trigger memory corruption." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20899", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20899" + }, + { + "name": "20754", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20754" + }, + { + "name": "dhcdbd-dhcp-response-dos(27291)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27291" + }, + { + "name": "USN-299-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/299-1/" + }, + { + "name": "SUSE-SR:2006:015", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_38_security.html" + }, + { + "name": "18459", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18459" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3977.json b/2006/3xxx/CVE-2006-3977.json index b660d97cd75..5e52afca1a0 100644 --- a/2006/3xxx/CVE-2006-3977.json +++ b/2006/3xxx/CVE-2006-3977.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3977", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in CA eTrust Antivirus WebScan before 1.1.0.1048 has unknown impact and remote attackers related to \"improper processing of outdated WebScan components.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3977", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060804 CAID 34509 - CA eTrust Antivirus WebScan vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/442244/100/0/threaded" - }, - { - "name" : "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34509", - "refsource" : "CONFIRM", - "url" : "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34509" - }, - { - "name" : "ADV-2006-3166", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3166" - }, - { - "name" : "1016637", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016637" - }, - { - "name" : "21320", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21320" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in CA eTrust Antivirus WebScan before 1.1.0.1048 has unknown impact and remote attackers related to \"improper processing of outdated WebScan components.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-3166", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3166" + }, + { + "name": "20060804 CAID 34509 - CA eTrust Antivirus WebScan vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/442244/100/0/threaded" + }, + { + "name": "1016637", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016637" + }, + { + "name": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34509", + "refsource": "CONFIRM", + "url": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34509" + }, + { + "name": "21320", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21320" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4036.json b/2006/4xxx/CVE-2006-4036.json index 10d1e1ca9eb..f25a42da668 100644 --- a/2006/4xxx/CVE-2006-4036.json +++ b/2006/4xxx/CVE-2006-4036.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4036", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in includes/usercp_register.php in ZoneMetrics ZoneX Publishers Gold Edition 1.0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4036", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060803 ZoneX 1.0.3 - Publishers Gold Edition Remote File Inclusion Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/442152/100/0/threaded" - }, - { - "name" : "20060830 Re: ZoneX 1.0.3 - Publishers Gold Edition Remote File Inclusion Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/444901/100/0/threaded" - }, - { - "name" : "20060906 ZoneX 1.0.3 File Inclusion - CVE-2006-4036", - "refsource" : "VIM", - "url" : "http://www.attrition.org/pipermail/vim/2006-September/001017.html" - }, - { - "name" : "19338", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19338" - }, - { - "name" : 
"ADV-2006-3156", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3156" - }, - { - "name" : "21353", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21353" - }, - { - "name" : "1348", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1348" - }, - { - "name" : "zonex-register-file-include(28223)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28223" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in includes/usercp_register.php in ZoneMetrics ZoneX Publishers Gold Edition 1.0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19338", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19338" + }, + { + "name": "zonex-register-file-include(28223)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28223" + }, + { + "name": "21353", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21353" + }, + { + "name": "20060830 Re: ZoneX 1.0.3 - Publishers Gold Edition Remote File Inclusion Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/444901/100/0/threaded" + }, + { + "name": "ADV-2006-3156", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3156" + }, + { + "name": "1348", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1348" + }, + { + "name": "20060803 ZoneX 1.0.3 - Publishers Gold Edition Remote File Inclusion Vulnerability", + "refsource": "BUGTRAQ", + "url": 
"http://www.securityfocus.com/archive/1/442152/100/0/threaded" + }, + { + "name": "20060906 ZoneX 1.0.3 File Inclusion - CVE-2006-4036", + "refsource": "VIM", + "url": "http://www.attrition.org/pipermail/vim/2006-September/001017.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4424.json b/2006/4xxx/CVE-2006-4424.json index 73e99a3e920..8d603c5ddc1 100644 --- a/2006/4xxx/CVE-2006-4424.json +++ b/2006/4xxx/CVE-2006-4424.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4424", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in coin_includes/constants.php in phpCOIN 1.2.3 allows remote attackers to execute arbitrary PHP code via the _CCFG[_PKG_PATH_INCL] parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4424", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2254", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2254" - }, - { - "name" : "19706", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19706" - }, - { - "name" : "ADV-2006-3385", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3385" - }, - { - "name" : "28218", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28218" - }, - { - "name" : "21624", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21624" - }, - { - "name" : "phpcoin-ccfgpkgpathincl-file-include(28572)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28572" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", 
+ "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in coin_includes/constants.php in phpCOIN 1.2.3 allows remote attackers to execute arbitrary PHP code via the _CCFG[_PKG_PATH_INCL] parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28218", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28218" + }, + { + "name": "ADV-2006-3385", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3385" + }, + { + "name": "21624", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21624" + }, + { + "name": "phpcoin-ccfgpkgpathincl-file-include(28572)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28572" + }, + { + "name": "2254", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2254" + }, + { + "name": "19706", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19706" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4639.json b/2006/4xxx/CVE-2006-4639.json index feea97f1952..f00f38fd795 100644 --- a/2006/4xxx/CVE-2006-4639.json +++ b/2006/4xxx/CVE-2006-4639.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4639", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in C-News.fr C-News 1.0.1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path parameter in (1) formulaire_commentaires.php, (2) affichage/liste_news.php, (3) affichage/news_complete.php, or (4) affichage/pagination.php. NOTE: the provenance of some of this information is unknown; some details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4639", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060910 C-News v 1.0.1 < = Multiple Remote File Include Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/445781/100/0/threaded" - }, - { - "name" : "ADV-2006-3471", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3471" - }, - { - "name" : "21758", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21758" - }, - { - "name" : "cnews-path-file-include(28766)", - "refsource" 
: "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28766" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in C-News.fr C-News 1.0.1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path parameter in (1) formulaire_commentaires.php, (2) affichage/liste_news.php, (3) affichage/news_complete.php, or (4) affichage/pagination.php. NOTE: the provenance of some of this information is unknown; some details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21758", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21758" + }, + { + "name": "20060910 C-News v 1.0.1 < = Multiple Remote File Include Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/445781/100/0/threaded" + }, + { + "name": "ADV-2006-3471", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3471" + }, + { + "name": "cnews-path-file-include(28766)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28766" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4835.json b/2006/4xxx/CVE-2006-4835.json index cb37444a25f..03d21def23a 100644 --- a/2006/4xxx/CVE-2006-4835.json +++ b/2006/4xxx/CVE-2006-4835.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4835", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Bluview Blue Magic Board (BMB) (aka BMForum) 5.5 allows remote attackers to obtain sensitive information via a direct request to (1) footer.php, (2) header.php, (3) db_mysql_error.php, (4) langlist.php, (5) sendmail.php, or (6) style.php, which reveals the path in various error messages." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4835", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060914 Fullpath disclosure in Blue Magic Board 5.5", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/446037/100/0/threaded" - }, - { - "name" : "1586", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1586" - }, - { - "name" : "bluemagicboard-footer-path-disclosure(28949)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28949" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Bluview Blue Magic Board (BMB) (aka 
BMForum) 5.5 allows remote attackers to obtain sensitive information via a direct request to (1) footer.php, (2) header.php, (3) db_mysql_error.php, (4) langlist.php, (5) sendmail.php, or (6) style.php, which reveals the path in various error messages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060914 Fullpath disclosure in Blue Magic Board 5.5", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/446037/100/0/threaded" + }, + { + "name": "bluemagicboard-footer-path-disclosure(28949)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28949" + }, + { + "name": "1586", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1586" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6244.json b/2006/6xxx/CVE-2006-6244.json index bbec6bcdd2b..a10faf20e99 100644 --- a/2006/6xxx/CVE-2006-6244.json +++ b/2006/6xxx/CVE-2006-6244.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6244", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Coalescent Systems freePBX (formerly Asterisk Management Portal) before 2.2.0rc1 allows attackers to execute arbitrary commands via shell metacharacters in (1) CALLERID(name) or (2) CALLERID(number)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6244", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?group_id=121515&release_id=467129", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?group_id=121515&release_id=467129" - }, - { - "name" : "http://www.freepbx.org/trac/changeset/2076", - "refsource" : "CONFIRM", - "url" : "http://www.freepbx.org/trac/changeset/2076" - }, - { - "name" : "21359", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21359" - }, - { - "name" : "ADV-2006-3019", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3019" - }, - { - "name" : "23124", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23124" - } - ] - } -} + } + }, + "data_format": "MITRE", 
+ "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Coalescent Systems freePBX (formerly Asterisk Management Portal) before 2.2.0rc1 allows attackers to execute arbitrary commands via shell metacharacters in (1) CALLERID(name) or (2) CALLERID(number)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://sourceforge.net/project/shownotes.php?group_id=121515&release_id=467129", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?group_id=121515&release_id=467129" + }, + { + "name": "http://www.freepbx.org/trac/changeset/2076", + "refsource": "CONFIRM", + "url": "http://www.freepbx.org/trac/changeset/2076" + }, + { + "name": "23124", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23124" + }, + { + "name": "21359", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21359" + }, + { + "name": "ADV-2006-3019", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3019" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6686.json b/2006/6xxx/CVE-2006-6686.json index 8338c902432..3b80c781e8b 100644 --- a/2006/6xxx/CVE-2006-6686.json +++ b/2006/6xxx/CVE-2006-6686.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6686", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in sender.php in Carsen Klock TextSend 1.5 allows remote attackers to execute arbitrary PHP code via a URL in the ROOT_PATH parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6686", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2965", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2965" - }, - { - "name" : "21690", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21690" - }, - { - "name" : "ADV-2006-5097", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/5097" - }, - { - "name" : "23458", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23458" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in sender.php in Carsen Klock TextSend 1.5 allows remote attackers to execute arbitrary PHP code via a URL in the 
ROOT_PATH parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "23458", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23458" + }, + { + "name": "2965", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2965" + }, + { + "name": "21690", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21690" + }, + { + "name": "ADV-2006-5097", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/5097" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6933.json b/2006/6xxx/CVE-2006-6933.json index 2fa63a64ef1..adb47e9ae3d 100644 --- a/2006/6xxx/CVE-2006-6933.json +++ b/2006/6xxx/CVE-2006-6933.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6933", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Easy Chat Server 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download certain files via direct requests to files such as (1) ServerKey.pem and (2) AcceptIP.txt. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6933", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "22739", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22739" - }, - { - "name" : "easychat-webroot-information-disclosure(30075)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30075" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Easy Chat Server 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download certain files 
via direct requests to files such as (1) ServerKey.pem and (2) AcceptIP.txt. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "easychat-webroot-information-disclosure(30075)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30075" + }, + { + "name": "22739", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22739" + } + ] + } +} \ No newline at end of file diff --git a/2006/7xxx/CVE-2006-7141.json b/2006/7xxx/CVE-2006-7141.json index fd1becf8ae9..98a27f62e63 100644 --- a/2006/7xxx/CVE-2006-7141.json +++ b/2006/7xxx/CVE-2006-7141.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-7141", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** Absolute path traversal vulnerability in Oracle Database Server, when utl_file_dir is set to a wildcard value or \"CREATE ANY DIRECTORY to PUBLIC\" privileges exist, allows remote authenticated users to read and modify arbitrary files via full filepaths to utl_file functions such as (1) utl_file.put_line and (2) utl_file.get_line, a related issue to CVE-2005-0701. NOTE: this issue is disputed by third parties who state that this is due to an insecure configuration instead of an inherent vulnerability." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-7141", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061219 Oracle <= 9i / 10g File System Access via utl_file Exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/454862/100/0/threaded" - }, - { - "name" : "20061220 Re: Oracle <= 9i / 10g File System Access via utl_file Exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/454964/100/0/threaded" - }, - { - "name" : "20061221 Re: Oracle <= 9i / 10g File System Access via utl_file Exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/455047/100/0/threaded" - }, - { - "name" : "http://www.0xdeadbeef.info/exploits/raptor_orafile.sql", - "refsource" : "MISC", - "url" : "http://www.0xdeadbeef.info/exploits/raptor_orafile.sql" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** Absolute path traversal vulnerability in Oracle Database Server, when utl_file_dir is set to a wildcard value or \"CREATE ANY DIRECTORY to PUBLIC\" privileges exist, allows remote authenticated users to read and modify arbitrary files via full filepaths to utl_file functions such as (1) utl_file.put_line and (2) utl_file.get_line, a related issue to CVE-2005-0701. NOTE: this issue is disputed by third parties who state that this is due to an insecure configuration instead of an inherent vulnerability." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.0xdeadbeef.info/exploits/raptor_orafile.sql", + "refsource": "MISC", + "url": "http://www.0xdeadbeef.info/exploits/raptor_orafile.sql" + }, + { + "name": "20061221 Re: Oracle <= 9i / 10g File System Access via utl_file Exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/455047/100/0/threaded" + }, + { + "name": "20061220 Re: Oracle <= 9i / 10g File System Access via utl_file Exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/454964/100/0/threaded" + }, + { + "name": "20061219 Oracle <= 9i / 10g File System Access via utl_file Exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/454862/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/7xxx/CVE-2006-7165.json b/2006/7xxx/CVE-2006-7165.json index 010f8883373..244208e4637 100644 --- a/2006/7xxx/CVE-2006-7165.json +++ b/2006/7xxx/CVE-2006-7165.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-7165", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM WebSphere Application Server (WAS) 5.0 through 5.1.1.0 allows remote attackers to obtain JSP source code and other sensitive information via certain \"special URIs.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-7165", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-1.ibm.com/support/docview.wss?uid=swg21243541", - "refsource" : "CONFIRM", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg21243541" - }, - { - "name" : "PK23670", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg24013032" - }, - { - "name" : "22991", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/22991" - }, - { - "name" : "ADV-2007-0970", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0970" - }, - { - "name" : "24478", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24478" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { 
+ "lang": "eng", + "value": "IBM WebSphere Application Server (WAS) 5.0 through 5.1.1.0 allows remote attackers to obtain JSP source code and other sensitive information via certain \"special URIs.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2007-0970", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0970" + }, + { + "name": "24478", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24478" + }, + { + "name": "http://www-1.ibm.com/support/docview.wss?uid=swg21243541", + "refsource": "CONFIRM", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21243541" + }, + { + "name": "PK23670", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24013032" + }, + { + "name": "22991", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/22991" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2138.json b/2010/2xxx/CVE-2010-2138.json index 2bdaa83d3d8..af4a9b921b5 100644 --- a/2010/2xxx/CVE-2010-2138.json +++ b/2010/2xxx/CVE-2010-2138.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2138", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in ProMan 0.1.1 and earlier allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the _SESSION[userLang] parameter to (1) elisttasks.php, (2) managepmanagers.php, (3) manageusers.php, (4) helpfunc.php, (5) managegroups.php, (6) manageprocess.php, and (7) manageusersgroups.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2138", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "11587", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/11587" - }, - { - "name" : "http://packetstormsecurity.org/1002-exploits/proman-rfilfi.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1002-exploits/proman-rfilfi.txt" - }, - { - "name" : "proman-sessionuserlang-file-include(56577)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56577" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in ProMan 0.1.1 and earlier allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the _SESSION[userLang] parameter to (1) elisttasks.php, (2) managepmanagers.php, (3) manageusers.php, (4) helpfunc.php, (5) managegroups.php, (6) manageprocess.php, and (7) manageusersgroups.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "11587", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/11587" + }, + { + "name": "proman-sessionuserlang-file-include(56577)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56577" + }, + { + "name": "http://packetstormsecurity.org/1002-exploits/proman-rfilfi.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1002-exploits/proman-rfilfi.txt" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2304.json b/2010/2xxx/CVE-2010-2304.json index 498d4827ffd..78c2e06f327 100644 --- a/2010/2xxx/CVE-2010-2304.json +++ b/2010/2xxx/CVE-2010-2304.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2010-2304",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-1773. Reason: This candidate is a duplicate of CVE-2010-1773. Notes: All CVE users should reference CVE-2010-1773 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2010-2304",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-1773. Reason: This candidate is a duplicate of CVE-2010-1773. Notes: All CVE users should reference CVE-2010-1773 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2010/2xxx/CVE-2010-2667.json b/2010/2xxx/CVE-2010-2667.json
index a3a417d974a..c80159dc477 100644
--- a/2010/2xxx/CVE-2010-2667.json
+++ b/2010/2xxx/CVE-2010-2667.json
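Review bot: The new side of the CVE-2010-2304 record reorders its keys, putting `"data_type"`, `"data_format"` and `"data_version"` ahead of `"CVE_data_meta"` and `"ID"` ahead of `"ASSIGNER"`, while the other records rewritten in this commit (including the RESERVED record CVE-2011-0371) keep the previous alphabetical order. Key order carries no meaning in JSON, but a repository that is mirrored and diffed is easier to audit when every record goes through the same serializer settings. As it stands, order-only churn like this can bury a real edit to `STATE` or `ASSIGNER` in a later sync. Emitting this record with sorted keys, as the others are, would reduce the hunk to the whitespace change.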
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2667", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in the Virtual Appliance Management Infrastructure (VAMI) in VMware Studio 2.0 allow remote authenticated users to execute arbitrary commands via vectors involving (1) the Studio virtual appliance or (2) a virtual appliance created by the Studio virtual appliance." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2667", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100713 VMSA-2010-0011 VMware Studio 2.1 addresses security vulnerabilities in virtual appliances created with Studio 2.0.", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/512311/100/0/threaded" - }, - { - "name" : "[security-announce] 20100712 VMSA-2010-0011 VMware Studio 2.1 addresses security vulnerabilities in virtual appliances created with Studio 2.0", - "refsource" : "MLIST", - "url" : "http://lists.vmware.com/pipermail/security-announce/2010/000101.html" - }, - { - "name" : "http://www.wmware.com/security/advisories/VMSA-2010-0011.html", - "refsource" : "CONFIRM", - "url" : 
"http://www.wmware.com/security/advisories/VMSA-2010-0011.html" - }, - { - "name" : "41566", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/41566" - }, - { - "name" : "1024187", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1024187" - }, - { - "name" : "40507", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40507" - }, - { - "name" : "ADV-2010-1791", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1791" - }, - { - "name" : "studio-vami-command-execution(60350)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60350" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in the Virtual Appliance Management Infrastructure (VAMI) in VMware Studio 2.0 allow remote authenticated users to execute arbitrary commands via vectors involving (1) the Studio virtual appliance or (2) a virtual appliance created by the Studio virtual appliance." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "studio-vami-command-execution(60350)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60350" + }, + { + "name": "20100713 VMSA-2010-0011 VMware Studio 2.1 addresses security vulnerabilities in virtual appliances created with Studio 2.0.", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/512311/100/0/threaded" + }, + { + "name": "1024187", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1024187" + }, + { + "name": "40507", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40507" + }, + { + "name": "41566", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/41566" + }, + { + "name": "ADV-2010-1791", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1791" + }, + { + "name": "http://www.wmware.com/security/advisories/VMSA-2010-0011.html", + "refsource": "CONFIRM", + "url": "http://www.wmware.com/security/advisories/VMSA-2010-0011.html" + }, + { + "name": "[security-announce] 20100712 VMSA-2010-0011 VMware Studio 2.1 addresses security vulnerabilities in virtual appliances created with Studio 2.0", + "refsource": "MLIST", + "url": "http://lists.vmware.com/pipermail/security-announce/2010/000101.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0168.json b/2011/0xxx/CVE-2011-0168.json index a976afb382e..a0e205d0427 100644 --- a/2011/0xxx/CVE-2011-0168.json +++ b/2011/0xxx/CVE-2011-0168.json 
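Review bot: The CONFIRM reference in the CVE-2010-2667 hunk is carried onto the new side as `"url": "http://www.wmware.com/security/advisories/VMSA-2010-0011.html"`, and the host looks like a misspelling of the vendor's domain (the MLIST entry in the same list uses lists.vmware.com). A feed that renders `url` as a link would send readers to a host the vendor presumably does not control, while the CONFIRM label implies vendor confirmation. Since the record is being rewritten anyway, both `name` and `url` of that entry should be checked against the vendor advisory and corrected, e.g. to `"url": "http://www.vmware.com/security/advisories/VMSA-2010-0011.html"` if that is the intended host.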
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0168", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2011-0168", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4554", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4554" - }, - { - "name" : "http://support.apple.com/kb/HT4564", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4564" - }, - { - "name" : "http://support.apple.com/kb/HT4566", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4566" - }, - { - "name" : "APPLE-SA-2011-03-02-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html" - }, - { - "name" : "APPLE-SA-2011-03-09-1", - "refsource" : "APPLE", - 
"url" : "http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html" - }, - { - "name" : "APPLE-SA-2011-03-09-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html" - }, - { - "name" : "oval:org.mitre.oval:def:16938", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16938" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT4564", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4564" + }, + { + "name": "http://support.apple.com/kb/HT4566", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4566" + }, + { + "name": "APPLE-SA-2011-03-02-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html" + }, + { + "name": "APPLE-SA-2011-03-09-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html" + }, + { + "name": "http://support.apple.com/kb/HT4554", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4554" + }, + { + "name": "APPLE-SA-2011-03-09-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html" + }, + { + "name": "oval:org.mitre.oval:def:16938", + "refsource": "OVAL", + 
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16938" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0267.json b/2011/0xxx/CVE-2011-0267.json index b24aaacbe72..1d019561d60 100644 --- a/2011/0xxx/CVE-2011-0267.json +++ b/2011/0xxx/CVE-2011-0267.json 
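Review bot: The only semantic change in the CVE-2011-0168 hunk is `"ASSIGNER": "product-security@apple.com"` replacing `cve@mitre.org`, and it is buried in a whitespace rewrite of all 92 lines under a commit titled "Synchronized-Data". A change of assigner is a provenance change that downstream consumers may key on, so it would be easier to audit in a commit separate from the mechanical reformat. The `affects` block on the new side still carries `"vendor_name": "n/a"` and `"product_name": "n/a"`, so the record is now attributed to a vendor CNA without naming that vendor's product, although the description names Apple iTunes. The same pattern appears in the CVE-2011-0267 hunk (`hp-security-alert@hp.com`) and the CVE-2011-0604 hunk (`psirt@adobe.com`).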
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0267", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allow remote attackers to execute arbitrary code via a long (1) schdParams or (2) nameParams parameter, a different vulnerability than CVE-2011-0266." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2011-0267", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "17038", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/17038" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-11-009/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-11-009/" - }, - { - "name" : "HPSBMA02621", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/515628" - }, - { - "name" : "SSRT100352", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/515628" - }, - { - "name" : "45762", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45762" - }, - { - "name" : "1024951", - "refsource" : "SECTRACK", - "url" 
: "http://www.securitytracker.com/id?1024951" - }, - { - "name" : "8156", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8156" - }, - { - "name" : "ADV-2011-0085", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0085" - }, - { - "name" : "hp-opennnm-schdparams-bo(64649)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64649" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allow remote attackers to execute arbitrary code via a long (1) schdParams or (2) nameParams parameter, a different vulnerability than CVE-2011-0266." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBMA02621", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/515628" + }, + { + "name": "ADV-2011-0085", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0085" + }, + { + "name": "SSRT100352", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/515628" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-11-009/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-009/" + }, + { + "name": "45762", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45762" + }, + { + "name": "17038", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/17038" + }, + { + "name": "1024951", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024951" + }, + { + "name": "hp-opennnm-schdparams-bo(64649)", + "refsource": "XF", + "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/64649"
+ },
+ {
+ "name": "8156",
+ "refsource": "SREASON",
+ "url": "http://securityreason.com/securityalert/8156"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2011/0xxx/CVE-2011-0371.json b/2011/0xxx/CVE-2011-0371.json
index da93096f7e8..a1bf810dc5c 100644
--- a/2011/0xxx/CVE-2011-0371.json
+++ b/2011/0xxx/CVE-2011-0371.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2011-0371",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2011-0371",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2011/0xxx/CVE-2011-0604.json b/2011/0xxx/CVE-2011-0604.json
index e13272c91ca..5c7911af581 100644
--- a/2011/0xxx/CVE-2011-0604.json
+++ b/2011/0xxx/CVE-2011-0604.json
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0604", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2011-0587." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2011-0604", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb11-03.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb11-03.html" - }, - { - "name" : "RHSA-2011:0301", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0301.html" - }, - { - "name" : "46217", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46217" - }, - { - "name" : "oval:org.mitre.oval:def:12592", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12592" - }, - { - "name" : "1025033", - "refsource" : 
"SECTRACK", - "url" : "http://www.securitytracker.com/id?1025033" - }, - { - "name" : "43470", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43470" - }, - { - "name" : "ADV-2011-0337", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0337" - }, - { - "name" : "ADV-2011-0492", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0492" - }, - { - "name" : "adobe-acrobat-unspecified-xss(65307)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65307" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2011-0587." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2011-0492", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0492" + }, + { + "name": "43470", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43470" + }, + { + "name": "RHSA-2011:0301", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0301.html" + }, + { + "name": "oval:org.mitre.oval:def:12592", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12592" + }, + { + "name": "ADV-2011-0337", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0337" + }, + { + "name": "1025033", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025033" + }, + { + "name": "adobe-acrobat-unspecified-xss(65307)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65307" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb11-03.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb11-03.html" + }, + { + "name": "46217", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46217" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0696.json b/2011/0xxx/CVE-2011-0696.json index e373eb90b41..e0b738f42fc 100644 --- a/2011/0xxx/CVE-2011-0696.json +++ b/2011/0xxx/CVE-2011-0696.json 
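Review bot: The `ASSIGNER` value in this record changes from `cve@mitre.org` to `psirt@adobe.com` inside a hunk that otherwise only rewrites `"key" : value` spacing and reorders `reference_data`, so the one field naming who owns the entry is easy to miss in review. The CVE-2011-0696 hunk (`secalert@redhat.com`) and the CVE-2011-4164 hunk (`hp-security-alert@hp.com`) carry the same kind of change, while the commit subject says only "-Synchronized-Data.". Consumers that rely on `ASSIGNER` to decide which CNA is authoritative for a record would want that value confirmed against the CNA assignment rather than accepted as formatting; keeping `reference_data` in a stable order would leave such field changes as the only differing lines. The new side also ends at `}` with `\ No newline at end of file`, where the old side appears to have ended with a newline; restoring the final newline avoids a spurious last-line change in later diffs.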
@@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0696", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via forged AJAX requests that leverage a \"combination of browser plugins and redirects,\" a related issue to CVE-2011-0447." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-0696", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110209 Django multiple flaws (CVEs inside)", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/02/09/6" - }, - { - "name" : "http://www.djangoproject.com/weblog/2011/feb/08/security/", - "refsource" : "CONFIRM", - "url" : "http://www.djangoproject.com/weblog/2011/feb/08/security/" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=676357", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=676357" - }, - { - "name" : "DSA-2163", - "refsource" : "DEBIAN", - "url" : 
"http://www.debian.org/security/2011/dsa-2163" - }, - { - "name" : "FEDORA-2011-1235", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054208.html" - }, - { - "name" : "FEDORA-2011-1261", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054207.html" - }, - { - "name" : "MDVSA-2011:031", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:031" - }, - { - "name" : "USN-1066-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1066-1" - }, - { - "name" : "46296", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46296" - }, - { - "name" : "43230", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43230" - }, - { - "name" : "43297", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43297" - }, - { - "name" : "43382", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43382" - }, - { - "name" : "43426", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43426" - }, - { - "name" : "ADV-2011-0372", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0372" - }, - { - "name" : "ADV-2011-0388", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0388" - }, - { - "name" : "ADV-2011-0429", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0429" - }, - { - "name" : "ADV-2011-0439", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0439" - }, - { - "name" : "ADV-2011-0441", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0441" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 does not 
properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via forged AJAX requests that leverage a \"combination of browser plugins and redirects,\" a related issue to CVE-2011-0447." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43297", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43297" + }, + { + "name": "43382", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43382" + }, + { + "name": "ADV-2011-0439", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0439" + }, + { + "name": "ADV-2011-0429", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0429" + }, + { + "name": "[oss-security] 20110209 Django multiple flaws (CVEs inside)", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/02/09/6" + }, + { + "name": "43230", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43230" + }, + { + "name": "43426", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43426" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=676357", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=676357" + }, + { + "name": "ADV-2011-0372", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0372" + }, + { + "name": "FEDORA-2011-1261", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054207.html" + }, + { + "name": "ADV-2011-0441", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0441" + }, + { + "name": "USN-1066-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1066-1" + }, + { + "name": "46296", + "refsource": 
"BID", + "url": "http://www.securityfocus.com/bid/46296" + }, + { + "name": "MDVSA-2011:031", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:031" + }, + { + "name": "DSA-2163", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2163" + }, + { + "name": "http://www.djangoproject.com/weblog/2011/feb/08/security/", + "refsource": "CONFIRM", + "url": "http://www.djangoproject.com/weblog/2011/feb/08/security/" + }, + { + "name": "ADV-2011-0388", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0388" + }, + { + "name": "FEDORA-2011-1235", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054208.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1216.json b/2011/1xxx/CVE-2011-1216.json index 72f20bed4af..4999722da8f 100644 --- a/2011/1xxx/CVE-2011-1216.json +++ b/2011/1xxx/CVE-2011-1216.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1216", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in assr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via crafted tag data in an Applix spreadsheet attachment, aka SPR PRAD8823A7." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1216", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110524 IBM Lotus Notes Applix Attachment Viewer Stack Buffer Overflow", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=907" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21500034", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21500034" - }, - { - "name" : "47962", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47962" - }, - { - "name" : "oval:org.mitre.oval:def:13796", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13796" - }, - { - "name" : "44624", - "refsource" : 
"SECUNIA", - "url" : "http://secunia.com/advisories/44624" - }, - { - "name" : "lotus-notes-assr-bo(67623)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67623" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in assr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via crafted tag data in an Applix spreadsheet attachment, aka SPR PRAD8823A7." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21500034", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21500034" + }, + { + "name": "47962", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47962" + }, + { + "name": "44624", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44624" + }, + { + "name": "20110524 IBM Lotus Notes Applix Attachment Viewer Stack Buffer Overflow", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=907" + }, + { + "name": "lotus-notes-assr-bo(67623)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67623" + }, + { + "name": "oval:org.mitre.oval:def:13796", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13796" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1474.json b/2011/1xxx/CVE-2011-1474.json index cd831979c55..f97250d1f4c 100644 --- a/2011/1xxx/CVE-2011-1474.json +++ b/2011/1xxx/CVE-2011-1474.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1474", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1474", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1523.json b/2011/1xxx/CVE-2011-1523.json index 41621ad550b..0cc2b40948b 100644 --- a/2011/1xxx/CVE-2011-1523.json +++ b/2011/1xxx/CVE-2011-1523.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1523", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in statusmap.c in statusmap.cgi in Nagios 3.2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the layer parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1523", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110325 CVE Request -- Nagios -- XSS in the network status map CGI script", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/25/3" - }, - { - "name" : "[oss-security] 20110328 Re: CVE Request -- Nagios -- XSS in the network status map CGI script", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/28/4" - }, - { - "name" : "http://tracker.nagios.org/view.php?id=207", - "refsource" : "MISC", - "url" : "http://tracker.nagios.org/view.php?id=207" - }, - { - "name" : "http://www.rul3z.de/advisories/SSCHADV2011-002.txt", - "refsource" : "MISC", - "url" : "http://www.rul3z.de/advisories/SSCHADV2011-002.txt" - }, - { - "name" : 
"https://bugzilla.redhat.com/show_bug.cgi?id=690877", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=690877" - }, - { - "name" : "USN-1151-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1151-1" - }, - { - "name" : "43287", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43287" - }, - { - "name" : "44974", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44974" - }, - { - "name" : "8241", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8241" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in statusmap.c in statusmap.cgi in Nagios 3.2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the layer parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8241", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8241" + }, + { + "name": "43287", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43287" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=690877", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=690877" + }, + { + "name": "http://tracker.nagios.org/view.php?id=207", + "refsource": "MISC", + "url": "http://tracker.nagios.org/view.php?id=207" + }, + { + "name": "http://www.rul3z.de/advisories/SSCHADV2011-002.txt", + "refsource": "MISC", + "url": "http://www.rul3z.de/advisories/SSCHADV2011-002.txt" + }, + { + "name": "44974", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44974" + }, + { + "name": "[oss-security] 20110325 CVE Request -- Nagios -- XSS in the network status map CGI script", + 
"refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/25/3" + }, + { + "name": "USN-1151-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1151-1" + }, + { + "name": "[oss-security] 20110328 Re: CVE Request -- Nagios -- XSS in the network status map CGI script", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/28/4" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1556.json b/2011/1xxx/CVE-2011-1556.json index 799b2d2f7ed..f59c16ff197 100644 --- a/2011/1xxx/CVE-2011-1556.json +++ b/2011/1xxx/CVE-2011-1556.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1556", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in plugins/pdfClasses/pdfgen.php in Andy's PHP Knowledgebase (Aphpkb) 0.95.4 allows remote attackers to execute arbitrary SQL commands via the pdfa parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1556", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "17061", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/17061/" - }, - { - "name" : "http://www.autosectools.com/Advisories/Andy%27s.PHP.Knowledgebase.Project.0.95.4_SQL.Injection_161.html", - "refsource" : "MISC", - "url" : "http://www.autosectools.com/Advisories/Andy%27s.PHP.Knowledgebase.Project.0.95.4_SQL.Injection_161.html" - }, - { - "name" : "71287", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/71287" - }, - { - "name" : "43879", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43879" - }, - { - "name" : "ADV-2011-0823", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0823" - }, - { - "name" : 
"phpknowledgebase-pdfgen-sql-injection(66386)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66386" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in plugins/pdfClasses/pdfgen.php in Andy's PHP Knowledgebase (Aphpkb) 0.95.4 allows remote attackers to execute arbitrary SQL commands via the pdfa parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "71287", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/71287" + }, + { + "name": "http://www.autosectools.com/Advisories/Andy%27s.PHP.Knowledgebase.Project.0.95.4_SQL.Injection_161.html", + "refsource": "MISC", + "url": "http://www.autosectools.com/Advisories/Andy%27s.PHP.Knowledgebase.Project.0.95.4_SQL.Injection_161.html" + }, + { + "name": "ADV-2011-0823", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0823" + }, + { + "name": "43879", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43879" + }, + { + "name": "phpknowledgebase-pdfgen-sql-injection(66386)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66386" + }, + { + "name": "17061", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/17061/" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1639.json b/2011/1xxx/CVE-2011-1639.json index 8569350540d..9b983a9cd28 100644 --- a/2011/1xxx/CVE-2011-1639.json +++ b/2011/1xxx/CVE-2011-1639.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1639", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1639", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4164.json b/2011/4xxx/CVE-2011-4164.json index d053694092e..b3bc792e4dd 100644 --- a/2011/4xxx/CVE-2011-4164.json +++ b/2011/4xxx/CVE-2011-4164.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4164", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in HP Database Archiving Software 6.31 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1214." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2011-4164", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMU02731", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=132517846332173&w=2" - }, - { - "name" : "SSRT100518", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=132517846332173&w=2" - }, - { - "name" : "51205", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51205" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in HP Database Archiving Software 6.31 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1214." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSRT100518", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=132517846332173&w=2" + }, + { + "name": "HPSBMU02731", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=132517846332173&w=2" + }, + { + "name": "51205", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51205" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4176.json b/2011/4xxx/CVE-2011-4176.json index 265fab2ab52..5bb8cb9cb2b 100644 --- a/2011/4xxx/CVE-2011-4176.json +++ b/2011/4xxx/CVE-2011-4176.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4176", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4176", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4275.json b/2011/4xxx/CVE-2011-4275.json index 5690f5904d7..4d771fdf435 100644 --- a/2011/4xxx/CVE-2011-4275.json +++ b/2011/4xxx/CVE-2011-4275.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4275", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in iTop (aka IT Operations Portal) 1.1.181 and 1.2.0-RC-282 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted company name, (2) a crafted database server name, (3) a crafted CSV file, (4) a crafted copy-and-paste action, (5) the auth_user parameter in a suggest_pwd action to UI.php, (6) the c[menu] parameter to UniversalSearch.php, (7) the description parameter in a SearchFormToAdd_document_list action to UI.php, (8) the category parameter in an errors action to audit.php, or (9) the suggest_pwd parameter to UI.php." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4275", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20111116 TC-SA-2011-02: Multiple web-vulnerabilities in iTop version 1.1.181", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/520632" - }, - { - "name" : "20111121 TC-SA-2011-02: Multiple web-vulnerabilities in iTop version 1.1.181", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/520632/100/0/threaded" - }, - { - "name" : "http://www.tele-consulting.com/advisories/TC-SA-2011-02.txt", - "refsource" : "MISC", - "url" : "http://www.tele-consulting.com/advisories/TC-SA-2011-02.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in iTop (aka IT Operations Portal) 1.1.181 and 1.2.0-RC-282 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted company name, (2) a crafted database server name, (3) a crafted CSV file, (4) a crafted copy-and-paste action, (5) the auth_user parameter in a suggest_pwd action to UI.php, (6) the c[menu] parameter to UniversalSearch.php, (7) the description parameter in a SearchFormToAdd_document_list action to UI.php, (8) the category parameter in an errors action to audit.php, or (9) the suggest_pwd parameter to UI.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20111116 TC-SA-2011-02: Multiple web-vulnerabilities in iTop version 1.1.181", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/520632" + }, + { + "name": "20111121 TC-SA-2011-02: Multiple web-vulnerabilities in iTop version 1.1.181", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/520632/100/0/threaded" + }, + { + "name": "http://www.tele-consulting.com/advisories/TC-SA-2011-02.txt", + "refsource": "MISC", + "url": "http://www.tele-consulting.com/advisories/TC-SA-2011-02.txt" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4378.json b/2011/4xxx/CVE-2011-4378.json index 0e1bfde74cb..1e320a70d4d 100644 --- a/2011/4xxx/CVE-2011-4378.json +++ b/2011/4xxx/CVE-2011-4378.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4378", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2011-4378", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." + } + ] + } +} \ No newline at end of file 
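Review bot: The CVE-2011-4378 record is written with a different key order from every other file on this page. Here `data_type`, `data_format` and `data_version` come before `CVE_data_meta`, and `ID` precedes `ASSIGNER`, while the neighbouring hunks keep `CVE_data_meta` first with `ASSIGNER` leading. Key order carries no meaning in JSON, so parsers are unaffected, but the difference suggests this file passed through a different serializer than the rest. Emitting keys in one fixed order on write, for example sorted, would keep future syncs of this REJECT entry from showing up as full-file changes.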
diff --git a/2011/4xxx/CVE-2011-4842.json b/2011/4xxx/CVE-2011-4842.json index c07c417a998..d3e77d0eb28 100644 --- a/2011/4xxx/CVE-2011-4842.json +++ b/2011/4xxx/CVE-2011-4842.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4842", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4842", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4939.json b/2011/4xxx/CVE-2011-4939.json index a496e75bbd2..77968fc11ca 100644 --- a/2011/4xxx/CVE-2011-4939.json +++ b/2011/4xxx/CVE-2011-4939.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4939", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The pidgin_conv_chat_rename_user function in gtkconv.c in Pidgin before 2.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by changing a nickname while in an XMPP chat room." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-4939", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://developer.pidgin.im/ticket/14392", - "refsource" : "CONFIRM", - "url" : "http://developer.pidgin.im/ticket/14392" - }, - { - "name" : "http://developer.pidgin.im/viewmtn/revision/diff/10ead4688e3af4132d454fa3bc241480500651c9/with/d1d77da56217f3a083e1d459bef054db9f1d5699/pidgin/gtkconv.c", - "refsource" : "CONFIRM", - "url" : "http://developer.pidgin.im/viewmtn/revision/diff/10ead4688e3af4132d454fa3bc241480500651c9/with/d1d77da56217f3a083e1d459bef054db9f1d5699/pidgin/gtkconv.c" - }, - { - "name" : "http://developer.pidgin.im/viewmtn/revision/info/d1d77da56217f3a083e1d459bef054db9f1d5699", - "refsource" : "CONFIRM", - "url" : 
"http://developer.pidgin.im/viewmtn/revision/info/d1d77da56217f3a083e1d459bef054db9f1d5699" - }, - { - "name" : "http://pidgin.im/news/security/?id=60", - "refsource" : "CONFIRM", - "url" : "http://pidgin.im/news/security/?id=60" - }, - { - "name" : "MDVSA-2012:029", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:029" - }, - { - "name" : "oval:org.mitre.oval:def:18406", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18406" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The pidgin_conv_chat_rename_user function in gtkconv.c in Pidgin before 2.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by changing a nickname while in an XMPP chat room." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:18406", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18406" + }, + { + "name": "MDVSA-2012:029", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:029" + }, + { + "name": "http://developer.pidgin.im/ticket/14392", + "refsource": "CONFIRM", + "url": "http://developer.pidgin.im/ticket/14392" + }, + { + "name": "http://developer.pidgin.im/viewmtn/revision/diff/10ead4688e3af4132d454fa3bc241480500651c9/with/d1d77da56217f3a083e1d459bef054db9f1d5699/pidgin/gtkconv.c", + "refsource": "CONFIRM", + "url": "http://developer.pidgin.im/viewmtn/revision/diff/10ead4688e3af4132d454fa3bc241480500651c9/with/d1d77da56217f3a083e1d459bef054db9f1d5699/pidgin/gtkconv.c" + }, + { + "name": 
"http://pidgin.im/news/security/?id=60", + "refsource": "CONFIRM", + "url": "http://pidgin.im/news/security/?id=60" + }, + { + "name": "http://developer.pidgin.im/viewmtn/revision/info/d1d77da56217f3a083e1d459bef054db9f1d5699", + "refsource": "CONFIRM", + "url": "http://developer.pidgin.im/viewmtn/revision/info/d1d77da56217f3a083e1d459bef054db9f1d5699" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5005.json b/2011/5xxx/CVE-2011-5005.json index b0f7b753f90..83d8b0214f9 100644 --- a/2011/5xxx/CVE-2011-5005.json +++ b/2011/5xxx/CVE-2011-5005.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5005", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unrestricted file upload vulnerability in QuiXplorer 2.3 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension using the upload action to index.php, then accessing it via a direct request to the file in an unspecified directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5005", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "18118", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18118" - }, - { - "name" : "quixplorer-index-file-upload(71323)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71323" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unrestricted file upload vulnerability in QuiXplorer 2.3 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension using the upload action to index.php, then accessing it 
via a direct request to the file in an unspecified directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18118", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18118" + }, + { + "name": "quixplorer-index-file-upload(71323)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71323" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2275.json b/2014/2xxx/CVE-2014-2275.json index d9b990107d9..2f2b97df75b 100644 --- a/2014/2xxx/CVE-2014-2275.json +++ b/2014/2xxx/CVE-2014-2275.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2275", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2275", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2463.json b/2014/2xxx/CVE-2014-2463.json index b65a3599ba8..08872f4a47e 100644 --- a/2014/2xxx/CVE-2014-2463.json +++ b/2014/2xxx/CVE-2014-2463.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2463", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Secure Global Desktop (SGD) component in Oracle Virtualization 4.63, 4.71, 5.0, and 5.1 allows remote attackers to affect integrity via unknown vectors related to Workspace Web Application, a different vulnerability than CVE-2014-4232." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-2463", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Secure Global Desktop (SGD) component in Oracle Virtualization 4.63, 4.71, 5.0, and 5.1 allows remote attackers to affect integrity via unknown vectors related to Workspace Web Application, a different vulnerability than CVE-2014-4232." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3822.json b/2014/3xxx/CVE-2014-3822.json index 51aff7e0ff1..fbf0b14d04a 100644 --- a/2014/3xxx/CVE-2014-3822.json +++ b/2014/3xxx/CVE-2014-3822.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3822", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Juniper Junos 11.4 before 11.4R8, 12.1 before 12.1R5, 12.1X44 before 12.1X44-D20, 12.1X45 before 12.1X45-D15, 12.1X46 before 12.1X46-D10, and 12.1X47 before 12.1X47-D10 on SRX Series devices, allows remote attackers to cause a denial of service (flowd crash) via a malformed packet, related to translating IPv6 to IPv4." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3822", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10641", - "refsource" : "CONFIRM", - "url" : "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10641" - }, - { - "name" : "1030560", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030560" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Juniper Junos 11.4 before 11.4R8, 12.1 before 12.1R5, 12.1X44 before 12.1X44-D20, 12.1X45 before 12.1X45-D15, 12.1X46 before 12.1X46-D10, and 12.1X47 
before 12.1X47-D10 on SRX Series devices, allows remote attackers to cause a denial of service (flowd crash) via a malformed packet, related to translating IPv6 to IPv4." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1030560", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030560" + }, + { + "name": "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10641", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10641" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3956.json b/2014/3xxx/CVE-2014-3956.json index 9d2ba35212e..c0a81d18068 100644 --- a/2014/3xxx/CVE-2014-3956.json +++ b/2014/3xxx/CVE-2014-3956.json 
@@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3956", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting expected FD_CLOEXEC flags, which allows local users to access unintended high-numbered file descriptors via a custom mail-delivery program." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3956", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/126975/Slackware-Security-Advisory-sendmail-Updates.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/126975/Slackware-Security-Advisory-sendmail-Updates.html" - }, - { - "name" : "ftp://ftp.sendmail.org/pub/sendmail/RELEASE_NOTES", - "refsource" : "CONFIRM", - "url" : "ftp://ftp.sendmail.org/pub/sendmail/RELEASE_NOTES" - }, - { - "name" : "http://www.sendmail.com/sm/open_source/download/8.14.9/", - "refsource" : "CONFIRM", - "url" : "http://www.sendmail.com/sm/open_source/download/8.14.9/" - }, - { - "name" : "http://advisories.mageia.org/MGASA-2014-0270.html", - "refsource" : 
"CONFIRM", - "url" : "http://advisories.mageia.org/MGASA-2014-0270.html" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05216368", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05216368" - }, - { - "name" : "FEDORA-2014-7093", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134349.html" - }, - { - "name" : "FreeBSD-SA-14:11", - "refsource" : "FREEBSD", - "url" : "http://www.freebsd.org/security/advisories/FreeBSD-SA-14%3A11.sendmail.asc" - }, - { - "name" : "GLSA-201412-32", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201412-32.xml" - }, - { - "name" : "MDVSA-2015:128", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:128" - }, - { - "name" : "MDVSA-2014:147", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2014:147" - }, - { - "name" : "SSA:2014-156-04", - "refsource" : "SLACKWARE", - "url" : "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.728644" - }, - { - "name" : "openSUSE-SU-2014:0804", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-06/msg00032.html" - }, - { - "name" : "openSUSE-SU-2014:0805", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-06/msg00033.html" - }, - { - "name" : "67791", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67791" - }, - { - "name" : "1030331", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030331" - }, - { - "name" : "57455", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57455" - }, - { - "name" : "58628", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/58628" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": 
"CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting expected FD_CLOEXEC flags, which allows local users to access unintended high-numbered file descriptors via a custom mail-delivery program." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05216368", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05216368" + }, + { + "name": "58628", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/58628" + }, + { + "name": "FreeBSD-SA-14:11", + "refsource": "FREEBSD", + "url": "http://www.freebsd.org/security/advisories/FreeBSD-SA-14%3A11.sendmail.asc" + }, + { + "name": "MDVSA-2015:128", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:128" + }, + { + "name": "http://packetstormsecurity.com/files/126975/Slackware-Security-Advisory-sendmail-Updates.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/126975/Slackware-Security-Advisory-sendmail-Updates.html" + }, + { + "name": "ftp://ftp.sendmail.org/pub/sendmail/RELEASE_NOTES", + "refsource": "CONFIRM", + "url": "ftp://ftp.sendmail.org/pub/sendmail/RELEASE_NOTES" + }, + { + "name": "GLSA-201412-32", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201412-32.xml" + }, + { + "name": "http://www.sendmail.com/sm/open_source/download/8.14.9/", + "refsource": "CONFIRM", + "url": "http://www.sendmail.com/sm/open_source/download/8.14.9/" + }, + { + "name": "openSUSE-SU-2014:0804", + "refsource": "SUSE", + "url": 
"http://lists.opensuse.org/opensuse-updates/2014-06/msg00032.html" + }, + { + "name": "MDVSA-2014:147", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:147" + }, + { + "name": "FEDORA-2014-7093", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134349.html" + }, + { + "name": "openSUSE-SU-2014:0805", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-06/msg00033.html" + }, + { + "name": "57455", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57455" + }, + { + "name": "67791", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67791" + }, + { + "name": "http://advisories.mageia.org/MGASA-2014-0270.html", + "refsource": "CONFIRM", + "url": "http://advisories.mageia.org/MGASA-2014-0270.html" + }, + { + "name": "SSA:2014-156-04", + "refsource": "SLACKWARE", + "url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.728644" + }, + { + "name": "1030331", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030331" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3959.json b/2014/3xxx/CVE-2014-3959.json index fc41bf196a4..ca9e04b5ac3 100644 --- a/2014/3xxx/CVE-2014-3959.json +++ b/2014/3xxx/CVE-2014-3959.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3959", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in list.jsp in the Configuration utility in F5 BIG-IP LTM, AFM, Analytics, APM, ASM, GTM, and Link Controller 11.2.1 through 11.5.1, AAM 11.4.0 through 11.5.1 PEM 11.3.0 through 11.5.1, PSM 11.2.1 through 11.4.1, WebAccelerator and WOM 11.2.1 through 11.3.0, and Enterprise Manager 3.0.0 through 3.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3959", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.f5.com/kb/en-us/solutions/public/15000/200/sol15296.html", - "refsource" : "CONFIRM", - "url" : "http://support.f5.com/kb/en-us/solutions/public/15000/200/sol15296.html" - }, - { - "name" : "67771", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67771" - }, - { - "name" : "1030319", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030319" - }, - { - "name" : "1030320", - "refsource" : "SECTRACK", - "url" : 
"http://www.securitytracker.com/id/1030320" - }, - { - "name" : "58969", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/58969" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in list.jsp in the Configuration utility in F5 BIG-IP LTM, AFM, Analytics, APM, ASM, GTM, and Link Controller 11.2.1 through 11.5.1, AAM 11.4.0 through 11.5.1 PEM 11.3.0 through 11.5.1, PSM 11.2.1 through 11.4.1, WebAccelerator and WOM 11.2.1 through 11.3.0, and Enterprise Manager 3.0.0 through 3.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "58969", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/58969" + }, + { + "name": "1030319", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030319" + }, + { + "name": "http://support.f5.com/kb/en-us/solutions/public/15000/200/sol15296.html", + "refsource": "CONFIRM", + "url": "http://support.f5.com/kb/en-us/solutions/public/15000/200/sol15296.html" + }, + { + "name": "1030320", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030320" + }, + { + "name": "67771", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67771" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6746.json b/2014/6xxx/CVE-2014-6746.json index e538d90f60b..74ff61f6e76 100644 --- a/2014/6xxx/CVE-2014-6746.json +++ b/2014/6xxx/CVE-2014-6746.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6746", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Infiniti Roadside Assistance (aka com.ccas.rsa.common.infiniti) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6746", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#228913", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/228913" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Infiniti Roadside 
Assistance (aka com.ccas.rsa.common.infiniti) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#228913", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/228913" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6898.json b/2014/6xxx/CVE-2014-6898.json index 5303e684370..6388701fc4b 100644 --- a/2014/6xxx/CVE-2014-6898.json +++ b/2014/6xxx/CVE-2014-6898.json 
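Review bot: The only semantic change in the CVE-2014-6746 hunk is `"ASSIGNER": "cert@cert.org"` replacing `cve@mitre.org`, and it is buried in a whole-file whitespace rewrite plus a reordering of `reference_data`, under a subject line (`"-Synchronized-Data."`) that does not mention it. The hunks for CVE-2014-6898, CVE-2014-7554, CVE-2014-7559 and CVE-2014-7784 make the same ASSIGNER change, and those for CVE-2017-0789 and CVE-2017-0845 change `security@google.com` to `security@android.com`. ASSIGNER appears to identify the organisation that assigned the record, so consumers that filter or audit by it will see a different value after this sync. The commit message should say so, for example `Reformat JSON; update ASSIGNER on CVE-2014-6746, -6898, -7554, -7559, -7784 and CVE-2017-0789, -0845`. Landing the formatting-only rewrite as a separate commit would leave these one-line data changes reviewable on their own.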
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6898", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Boopsie MyLibrary (aka com.bredir.boopsie.mylibrary) application 4.5.110 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6898", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#670057", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/670057" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Boopsie MyLibrary (aka 
com.bredir.boopsie.mylibrary) application 4.5.110 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#670057", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/670057" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7554.json b/2014/7xxx/CVE-2014-7554.json index 97e26fd387f..43ff5b55743 100644 --- a/2014/7xxx/CVE-2014-7554.json +++ b/2014/7xxx/CVE-2014-7554.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7554", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Bouqs - Flowers Simplified (aka com.bouqs.activity) application 1.8.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7554", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#673401", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/673401" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Bouqs - Flowers Simplified (aka 
com.bouqs.activity) application 1.8.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#673401", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/673401" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7559.json b/2014/7xxx/CVE-2014-7559.json index 90be2b4dd7a..0f7872dcf3f 100644 --- a/2014/7xxx/CVE-2014-7559.json +++ b/2014/7xxx/CVE-2014-7559.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7559", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The InstaTalks (aka com.natrobit.instatalks) application 1.3.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7559", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#652281", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/652281" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The InstaTalks (aka com.natrobit.instatalks) 
application 1.3.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#652281", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/652281" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7784.json b/2014/7xxx/CVE-2014-7784.json index ac0f5132bca..cf9affe2d12 100644 --- a/2014/7xxx/CVE-2014-7784.json +++ b/2014/7xxx/CVE-2014-7784.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7784", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Schon! Magazine (aka com.magzter.schonmagazine) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7784", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#974713", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/974713" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Schon! 
Magazine (aka com.magzter.schonmagazine) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#974713", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/974713" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2000.json b/2016/2xxx/CVE-2016-2000.json index 39b0f474df2..afd86dbd928 100644 --- a/2016/2xxx/CVE-2016-2000.json +++ b/2016/2xxx/CVE-2016-2000.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2000", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "HPE Asset Manager 9.40, 9.41, and 9.50 and Asset Manager CloudSystem Chargeback 9.40 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2000", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05064889", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05064889" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HPE Asset Manager 9.40, 9.41, and 9.50 and Asset Manager CloudSystem Chargeback 9.40 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05064889", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05064889" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0789.json b/2017/0xxx/CVE-2017-0789.json index 8dc4f3bb676..7eb1bc3fc48 100644 --- a/2017/0xxx/CVE-2017-0789.json +++ b/2017/0xxx/CVE-2017-0789.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2017-09-05T00:00:00", - "ID" : "CVE-2017-0789", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37685267. References: B-V2017053102." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2017-09-05T00:00:00", + "ID": "CVE-2017-0789", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-09-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-09-01" - }, - { - "name" : "100655", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100655" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37685267. References: B-V2017053102." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-09-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-09-01" + }, + { + "name": "100655", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100655" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0845.json b/2017/0xxx/CVE-2017-0845.json index 39e911e26bf..552c86d8593 100644 --- a/2017/0xxx/CVE-2017-0845.json +++ b/2017/0xxx/CVE-2017-0845.json 
@@ -1,81 +1,81 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2017-11-06T00:00:00", - "ID" : "CVE-2017-0845", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "5.0.2" - }, - { - "version_value" : "5.1.1" - }, - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "7.0" - }, - { - "version_value" : "7.1.1" - }, - { - "version_value" : "7.1.2" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A denial of service vulnerability in the Android framework (syncstorageengine). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35028827." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of service" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2017-11-06T00:00:00", + "ID": "CVE-2017-0845", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "5.0.2" + }, + { + "version_value": "5.1.1" + }, + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "7.0" + }, + { + "version_value": "7.1.1" + }, + { + "version_value": "7.1.2" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/pixel/2017-11-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/pixel/2017-11-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A denial of service vulnerability in the Android framework (syncstorageengine). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35028827." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/pixel/2017-11-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/pixel/2017-11-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18010.json b/2017/18xxx/CVE-2017-18010.json index 377062738e8..fc6adf59186 100644 --- a/2017/18xxx/CVE-2017-18010.json +++ b/2017/18xxx/CVE-2017-18010.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-18010", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The E-goi Smart Marketing SMS and Newsletters Forms plugin before 2.0.0 for WordPress has XSS via the admin/partials/custom/egoi-for-wp-form_egoi.php url parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-18010", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://packetstormsecurity.com/files/145217/WordPress-Smart-Marketing-SMS-And-Newsletters-Forms-1.1.1-XSS.html", - "refsource" : "MISC", - "url" : "https://packetstormsecurity.com/files/145217/WordPress-Smart-Marketing-SMS-And-Newsletters-Forms-1.1.1-XSS.html" - }, - { - "name" : "https://wpvulndb.com/vulnerabilities/8974", - "refsource" : "MISC", - "url" : "https://wpvulndb.com/vulnerabilities/8974" - }, - { - "name" : "https://wordpress.org/plugins/smart-marketing-for-wp/#developers", - "refsource" : "CONFIRM", - "url" : "https://wordpress.org/plugins/smart-marketing-for-wp/#developers" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "The E-goi Smart Marketing SMS and Newsletters Forms plugin before 2.0.0 for WordPress has XSS via the admin/partials/custom/egoi-for-wp-form_egoi.php url parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wordpress.org/plugins/smart-marketing-for-wp/#developers", + "refsource": "CONFIRM", + "url": "https://wordpress.org/plugins/smart-marketing-for-wp/#developers" + }, + { + "name": "https://wpvulndb.com/vulnerabilities/8974", + "refsource": "MISC", + "url": "https://wpvulndb.com/vulnerabilities/8974" + }, + { + "name": "https://packetstormsecurity.com/files/145217/WordPress-Smart-Marketing-SMS-And-Newsletters-Forms-1.1.1-XSS.html", + "refsource": "MISC", + "url": "https://packetstormsecurity.com/files/145217/WordPress-Smart-Marketing-SMS-And-Newsletters-Forms-1.1.1-XSS.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18141.json b/2017/18xxx/CVE-2017-18141.json index 40faf0228bd..75288f640d0 100644 --- a/2017/18xxx/CVE-2017-18141.json +++ b/2017/18xxx/CVE-2017-18141.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "ID" : "CVE-2017-18141", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear", - "version" : { - "version_data" : [ - { - "version_value" : "IPQ8074, MDM9206, MDM9607, MDM9635M, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SDA660, SDM439, SDM630, SDM660, SDX24, Snapdragon_High_Med_2016" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "When a 3rd party TEE has been loaded it is possible for the non-secure world to create a secure monitor call which will give it access to privileged functions meant to only be accessible from the TEE in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions IPQ8074, MDM9206, MDM9607, MDM9635M, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SDA660, SDM439, SDM630, SDM660, SDX24, Snapdragon_High_Med_2016." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Access Control in TrustZone" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2017-18141", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear", + "version": { + "version_data": [ + { + "version_value": "IPQ8074, MDM9206, MDM9607, MDM9635M, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SDA660, SDM439, SDM630, SDM660, SDX24, Snapdragon_High_Med_2016" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.qualcomm.com/company/product-security/bulletins", - "refsource" : "CONFIRM", - "url" : "https://www.qualcomm.com/company/product-security/bulletins" - }, - { - "name" : "106128", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106128" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "When a 3rd party TEE has been loaded it is possible for the non-secure world to create a secure monitor call which will give it access to privileged functions meant to only be accessible from the TEE in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions IPQ8074, MDM9206, MDM9607, MDM9635M, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SDA660, SDM439, SDM630, SDM660, SDX24, Snapdragon_High_Med_2016." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Access Control in TrustZone" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qualcomm.com/company/product-security/bulletins", + "refsource": "CONFIRM", + "url": "https://www.qualcomm.com/company/product-security/bulletins" + }, + { + "name": "106128", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106128" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1079.json b/2017/1xxx/CVE-2017-1079.json index 4ce5e1b3890..82e4f10f82e 100644 --- a/2017/1xxx/CVE-2017-1079.json +++ b/2017/1xxx/CVE-2017-1079.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1079", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1079", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1353.json b/2017/1xxx/CVE-2017-1353.json index c665666cb8d..cbba3f41f2b 100644 --- a/2017/1xxx/CVE-2017-1353.json +++ b/2017/1xxx/CVE-2017-1353.json 
@@ -1,80 +1,80 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2017-07-14T00:00:00", - "ID" : "CVE-2017-1353", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Atlas eDiscovery Process Management", - "version" : { - "version_data" : [ - { - "version_value" : "6.0.3" - }, - { - "version_value" : "6.0.3.2" - }, - { - "version_value" : "6.0.3.3" - }, - { - "version_value" : "6.0.3.4" - }, - { - "version_value" : "6.0.3.5" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Atlas eDiscovery Process Management 6.0.3 could allow an authenticated attacker to obtain sensitive information when an unsuspecting user clicks on unsafe third-party links. IBM X-Force ID: 126680." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2017-07-14T00:00:00", + "ID": "CVE-2017-1353", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Atlas eDiscovery Process Management", + "version": { + "version_data": [ + { + "version_value": "6.0.3" + }, + { + "version_value": "6.0.3.2" + }, + { + "version_value": "6.0.3.3" + }, + { + "version_value": "6.0.3.4" + }, + { + "version_value": "6.0.3.5" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/126680", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/126680" - }, - { - "name" : "https://www.ibm.com/support/docview.wss?uid=swg22005827", - 
"refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/docview.wss?uid=swg22005827" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Atlas eDiscovery Process Management 6.0.3 could allow an authenticated attacker to obtain sensitive information when an unsuspecting user clicks on unsafe third-party links. IBM X-Force ID: 126680." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.ibm.com/support/docview.wss?uid=swg22005827", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/docview.wss?uid=swg22005827" + }, + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126680", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126680" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1507.json b/2017/1xxx/CVE-2017-1507.json index c7b05733fd0..c01707c7394 100644 --- a/2017/1xxx/CVE-2017-1507.json +++ b/2017/1xxx/CVE-2017-1507.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2017-1507", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Jazz Foundation Products could disclose sensitive information during a scan that could lead to further attacks against the system. IBM X-Force ID: 129619." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2017-1507", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/129619", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/129619" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22010627", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22010627" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Jazz Foundation Products could disclose sensitive information during a scan that could lead to further attacks against the system. IBM X-Force ID: 129619." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22010627", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22010627" + }, + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129619", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129619" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1562.json b/2017/1xxx/CVE-2017-1562.json index e6d9fd830ee..5e9c9fa8a84 100644 --- a/2017/1xxx/CVE-2017-1562.json +++ b/2017/1xxx/CVE-2017-1562.json 
@@ -1,146 +1,146 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-06-28T00:00:00", - "ID" : "CVE-2017-1562", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Rational Quality Manager", - "version" : { - "version_data" : [ - { - "version_value" : "5.0" - }, - { - "version_value" : "5.0.1" - }, - { - "version_value" : "5.0.2" - }, - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "6.0.2" - }, - { - "version_value" : "6.0.3" - }, - { - "version_value" : "6.0.4" - }, - { - "version_value" : "6.0.5" - } - ] - } - }, - { - "product_name" : "Rational Collaborative Lifecycle Management", - "version" : { - "version_data" : [ - { - "version_value" : "5.0" - }, - { - "version_value" : "5.0.1" - }, - { - "version_value" : "5.0.2" - }, - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "6.0.2" - }, - { - "version_value" : "6.0.3" - }, - { - "version_value" : "6.0.4" - }, - { - "version_value" : "6.0.5" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131761." 
- } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "N", - "AC" : "L", - "AV" : "N", - "C" : "L", - "I" : "L", - "PR" : "L", - "S" : "C", - "SCORE" : "5.400", - "UI" : "R" - }, - "TM" : { - "E" : "H", - "RC" : "C", - "RL" : "O" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-06-28T00:00:00", + "ID": "CVE-2017-1562", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Rational Quality Manager", + "version": { + "version_data": [ + { + "version_value": "5.0" + }, + { + "version_value": "5.0.1" + }, + { + "version_value": "5.0.2" + }, + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "6.0.2" + }, + { + "version_value": "6.0.3" + }, + { + "version_value": "6.0.4" + }, + { + "version_value": "6.0.5" + } + ] + } + }, + { + "product_name": "Rational Collaborative Lifecycle Management", + "version": { + "version_data": [ + { + "version_value": "5.0" + }, + { + "version_value": "5.0.1" + }, + { + "version_value": "5.0.2" + }, + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "6.0.2" + }, + { + "version_value": "6.0.3" + }, + { + "version_value": "6.0.4" + }, + { + "version_value": "6.0.5" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www-prd-trops.events.ibm.com/node/715749", - "refsource" : "CONFIRM", - "url" : "https://www-prd-trops.events.ibm.com/node/715749" - }, - { - "name" : "ibm-rqm-cve20171562-xss(131761)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/131761" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": 
[ + { + "lang": "eng", + "value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131761." + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "N", + "AC": "L", + "AV": "N", + "C": "L", + "I": "L", + "PR": "L", + "S": "C", + "SCORE": "5.400", + "UI": "R" + }, + "TM": { + "E": "H", + "RC": "C", + "RL": "O" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-rqm-cve20171562-xss(131761)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/131761" + }, + { + "name": "https://www-prd-trops.events.ibm.com/node/715749", + "refsource": "CONFIRM", + "url": "https://www-prd-trops.events.ibm.com/node/715749" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1732.json b/2017/1xxx/CVE-2017-1732.json index c31bfd8141e..ea1f44c9d63 100644 --- a/2017/1xxx/CVE-2017-1732.json +++ b/2017/1xxx/CVE-2017-1732.json 
@@ -1,88 +1,88 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-08-15T00:00:00", - "ID" : "CVE-2017-1732", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Security Access Manager for Enterprise Single Sign-On", - "version" : { - "version_data" : [ - { - "version_value" : "8.2.2" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Security Access Manager for Enterprise Single Sign-On 8.2.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 134913." 
- } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "N", - "AC" : "L", - "AV" : "N", - "C" : "L", - "I" : "N", - "PR" : "N", - "S" : "U", - "SCORE" : "4.300", - "UI" : "R" - }, - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-08-15T00:00:00", + "ID": "CVE-2017-1732", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Security Access Manager for Enterprise Single Sign-On", + "version": { + "version_data": [ + { + "version_value": "8.2.2" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10726017", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10726017" - }, - { - "name" : "ibm-sam-cve20171732-info-disc(134913)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/134913" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Security Access Manager for Enterprise Single Sign-On 8.2.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 134913." 
+ } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "N", + "AC": "L", + "AV": "N", + "C": "L", + "I": "N", + "PR": "N", + "S": "U", + "SCORE": "4.300", + "UI": "R" + }, + "TM": { + "E": "U", + "RC": "C", + "RL": "O" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=ibm10726017", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=ibm10726017" + }, + { + "name": "ibm-sam-cve20171732-info-disc(134913)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134913" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5049.json b/2017/5xxx/CVE-2017-5049.json index db69fbd5fea..97b2c965523 100644 --- a/2017/5xxx/CVE-2017-5049.json +++ b/2017/5xxx/CVE-2017-5049.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-5049", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android", - "version" : { - "version_data" : [ - { - "version_value" : "Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "integer overflow" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2017-5049", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android", + "version": { + "version_data": [ + { + "version_value": "Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html", - "refsource" : "CONFIRM", - "url" : "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html" - }, - { - "name" : "https://crbug.com/679646", - "refsource" : "CONFIRM", - "url" : 
"https://crbug.com/679646" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "integer overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html", + "refsource": "CONFIRM", + "url": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html" + }, + { + "name": "https://crbug.com/679646", + "refsource": "CONFIRM", + "url": "https://crbug.com/679646" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5339.json b/2017/5xxx/CVE-2017-5339.json index 1a0f2833b89..59e23325e7b 100644 --- a/2017/5xxx/CVE-2017-5339.json +++ b/2017/5xxx/CVE-2017-5339.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5339", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-5339", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5836.json b/2017/5xxx/CVE-2017-5836.json index 80ad7be8cdc..460f7052d20 100644 --- a/2017/5xxx/CVE-2017-5836.json +++ b/2017/5xxx/CVE-2017-5836.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5836", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The plist_free_data function in plist.c in libplist allows attackers to cause a denial of service (crash) via vectors involving an integer node that is treated as a PLIST_KEY and then triggers an invalid free." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5836", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20170131 CVE request: multiples vulnerabilities in libplist", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/01/31/6" - }, - { - "name" : "[oss-security] 20170202 Re: CVE request: multiples vulnerabilities in libplist", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/02/02/4" - }, - { - "name" : "https://github.com/libimobiledevice/libplist/issues/86", - "refsource" : "CONFIRM", - "url" : "https://github.com/libimobiledevice/libplist/issues/86" - }, - { - "name" : "96022", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96022" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The plist_free_data function in plist.c in libplist allows attackers to cause a denial of service (crash) via vectors involving an integer node that is treated as a PLIST_KEY and then triggers an invalid free." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/libimobiledevice/libplist/issues/86", + "refsource": "CONFIRM", + "url": "https://github.com/libimobiledevice/libplist/issues/86" + }, + { + "name": "96022", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96022" + }, + { + "name": "[oss-security] 20170131 CVE request: multiples vulnerabilities in libplist", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/01/31/6" + }, + { + "name": "[oss-security] 20170202 Re: CVE request: multiples vulnerabilities in libplist", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/02/02/4" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5963.json b/2017/5xxx/CVE-2017-5963.json index 8c249780e71..bdde8f9d15b 100644 --- a/2017/5xxx/CVE-2017-5963.json +++ b/2017/5xxx/CVE-2017-5963.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5963", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in caddy (for TYPO3) before 7.2.10. The vulnerability exists due to insufficient filtration of user-supplied data in the \"paymillToken\" HTTP POST parameter passed to the \"caddy/Resources/Public/JavaScript/e-payment/paymill/api/php/payment.php\" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5963", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://forge.typo3.org/issues/79325", - "refsource" : "MISC", - "url" : "https://forge.typo3.org/issues/79325" - }, - { - "name" : "96198", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96198" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in caddy (for TYPO3) before 7.2.10. 
The vulnerability exists due to insufficient filtration of user-supplied data in the \"paymillToken\" HTTP POST parameter passed to the \"caddy/Resources/Public/JavaScript/e-payment/paymill/api/php/payment.php\" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://forge.typo3.org/issues/79325", + "refsource": "MISC", + "url": "https://forge.typo3.org/issues/79325" + }, + { + "name": "96198", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96198" + } + ] + } +} \ No newline at end of file