From 76a0ab1ff8980b1db10c7ebd9c94e7075adbd646 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 17 Mar 2019 23:13:15 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2001/0xxx/CVE-2001-0284.json | 130 +++++++-------- 2001/0xxx/CVE-2001-0690.json | 170 ++++++++++---------- 2001/0xxx/CVE-2001-0885.json | 34 ++-- 2001/1xxx/CVE-2001-1084.json | 170 ++++++++++---------- 2001/1xxx/CVE-2001-1503.json | 150 ++++++++--------- 2001/1xxx/CVE-2001-1517.json | 150 ++++++++--------- 2006/2xxx/CVE-2006-2068.json | 160 +++++++++--------- 2006/2xxx/CVE-2006-2074.json | 200 +++++++++++------------ 2006/2xxx/CVE-2006-2159.json | 160 +++++++++--------- 2006/2xxx/CVE-2006-2494.json | 180 ++++++++++----------- 2006/6xxx/CVE-2006-6022.json | 160 +++++++++--------- 2006/6xxx/CVE-2006-6168.json | 140 ++++++++-------- 2006/6xxx/CVE-2006-6519.json | 140 ++++++++-------- 2006/6xxx/CVE-2006-6953.json | 140 ++++++++-------- 2011/0xxx/CVE-2011-0237.json | 150 ++++++++--------- 2011/2xxx/CVE-2011-2008.json | 130 +++++++-------- 2011/2xxx/CVE-2011-2311.json | 130 +++++++-------- 2011/2xxx/CVE-2011-2529.json | 220 ++++++++++++------------- 2011/2xxx/CVE-2011-2898.json | 160 +++++++++--------- 2011/3xxx/CVE-2011-3002.json | 150 ++++++++--------- 2011/3xxx/CVE-2011-3206.json | 160 +++++++++--------- 2011/3xxx/CVE-2011-3211.json | 250 ++++++++++++++--------------- 2011/3xxx/CVE-2011-3336.json | 34 ++-- 2011/4xxx/CVE-2011-4104.json | 160 +++++++++--------- 2011/4xxx/CVE-2011-4398.json | 34 ++-- 2011/4xxx/CVE-2011-4400.json | 34 ++-- 2013/0xxx/CVE-2013-0226.json | 130 +++++++-------- 2013/0xxx/CVE-2013-0797.json | 160 +++++++++--------- 2013/1xxx/CVE-2013-1498.json | 140 ++++++++-------- 2013/1xxx/CVE-2013-1802.json | 150 ++++++++--------- 2013/5xxx/CVE-2013-5364.json | 160 +++++++++--------- 2013/5xxx/CVE-2013-5673.json | 190 +++++++++++----------- 2013/5xxx/CVE-2013-5708.json | 120 +++++++------- 2013/5xxx/CVE-2013-5882.json | 170 ++++++++++---------- 2014/2xxx/CVE-2014-2135.json | 120 +++++++------- 2014/2xxx/CVE-2014-2610.json | 170 ++++++++++---------- 2014/2xxx/CVE-2014-2817.json | 140 ++++++++-------- 2014/2xxx/CVE-2014-2832.json | 34 ++-- 2014/2xxx/CVE-2014-2891.json | 170 ++++++++++---------- 2014/2xxx/CVE-2014-2911.json | 34 ++-- 2017/0xxx/CVE-2017-0634.json | 130 +++++++-------- 2017/0xxx/CVE-2017-0870.json | 168 +++++++++---------- 2017/0xxx/CVE-2017-0943.json | 34 ++-- 2017/1000xxx/CVE-2017-1000088.json | 124 +++++++------- 2017/1000xxx/CVE-2017-1000392.json | 144 ++++++++--------- 2017/16xxx/CVE-2017-16494.json | 34 ++-- 2017/16xxx/CVE-2017-16765.json | 120 +++++++------- 2017/16xxx/CVE-2017-16900.json | 34 ++-- 2017/1xxx/CVE-2017-1299.json | 130 +++++++-------- 2017/1xxx/CVE-2017-1332.json | 220 ++++++++++++------------- 2017/4xxx/CVE-2017-4370.json | 34 ++-- 2017/4xxx/CVE-2017-4497.json | 34 ++-- 52 files changed, 3395 insertions(+), 3395 deletions(-) diff --git a/2001/0xxx/CVE-2001-0284.json b/2001/0xxx/CVE-2001-0284.json index cdc473b8886..7cba020c8b7 100644 --- a/2001/0xxx/CVE-2001-0284.json +++ b/2001/0xxx/CVE-2001-0284.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0284", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in IPSEC authentication mechanism for OpenBSD 2.8 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a malformed Authentication header (AH) IPv4 option." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0284", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010302 Insufficient checks in the IPSEC AH IPv4 option handling code can lead to a buffer overrun in the kernel.", - "refsource" : "OPENBSD", - "url" : "http://www.openbsd.org/errata.html#ipsec_ah" - }, - { - "name" : "6026", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/6026" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in IPSEC authentication mechanism for OpenBSD 2.8 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a malformed Authentication header (AH) IPv4 option." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20010302 Insufficient checks in the IPSEC AH IPv4 option handling code can lead to a buffer overrun in the kernel.", + "refsource": "OPENBSD", + "url": "http://www.openbsd.org/errata.html#ipsec_ah" + }, + { + "name": "6026", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/6026" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0690.json b/2001/0xxx/CVE-2001-0690.json index 8d6e72f03be..155d46f01d9 100644 --- a/2001/0xxx/CVE-2001-0690.json +++ b/2001/0xxx/CVE-2001-0690.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0690", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in exim (3.22-10 in Red Hat, 3.12 in Debian and 3.16 in Conectiva) in batched SMTP mode allows a remote attacker to execute arbitrary code via format strings in SMTP mail headers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0690", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010606 lil' exim format bug", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-06/0041.html" - }, - { - "name" : "DSA-058", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2001/dsa-058" - }, - { - "name" : "CLA-2001:402", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000402" - }, - { - "name" : "RHSA-2001:078", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2001-078.html" - }, - { - "name" : "exim-syntax-format-string(6671)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6671" - }, - { - "name" : "2828", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2828" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in exim (3.22-10 in Red Hat, 3.12 in Debian and 3.16 in Conectiva) in batched SMTP mode allows a remote attacker to execute arbitrary code via format strings in SMTP mail headers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "exim-syntax-format-string(6671)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6671" + }, + { + "name": "20010606 lil' exim format bug", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-06/0041.html" + }, + { + "name": "2828", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2828" + }, + { + "name": "DSA-058", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2001/dsa-058" + }, + { + "name": "RHSA-2001:078", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2001-078.html" + }, + { + "name": "CLA-2001:402", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000402" + } + ] + } +} \ No newline at end of file diff --git a/2001/0xxx/CVE-2001-0885.json b/2001/0xxx/CVE-2001-0885.json index b5004f64cf0..d9cc324ee9a 100644 --- a/2001/0xxx/CVE-2001-0885.json +++ b/2001/0xxx/CVE-2001-0885.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0885", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0885", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1084.json b/2001/1xxx/CVE-2001-1084.json index 71c8a4b3a2e..ff204591342 100644 --- a/2001/1xxx/CVE-2001-1084.json +++ b/2001/1xxx/CVE-2001-1084.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1084", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting vulnerability in Allaire JRun 3.0 and 2.3.3 allows a malicious webmaster to embed Javascript in a request for a .JSP, .shtml, .jsp10, .jrun, or .thtml file that does not exist, which causes the Javascript to be inserted into an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1084", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010702 Multiple Vendor Java Servlet Container Cross-Site Scripting Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://archive.cert.uni-stuttgart.de/archive/bugtraq/2001/07/msg00021.html" - }, - { - "name" : "MPSB01-06", - "refsource" : "ALLAIRE", - "url" : "http://www.macromedia.com/v1/handlers/index.cfm?ID=21498&Method=Full" - }, - { - "name" : "VU#654643", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/654643" - }, - { - "name" : "2983", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2983" - }, - { - "name" : "1891", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/1891" - }, - { - "name" : "java-servlet-crosssite-scripting(6793)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6793" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting vulnerability in Allaire JRun 3.0 and 2.3.3 allows a malicious webmaster to embed Javascript in a request for a .JSP, .shtml, .jsp10, .jrun, or .thtml file that does not exist, which causes the Javascript to be inserted into an error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "java-servlet-crosssite-scripting(6793)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6793" + }, + { + "name": "20010702 Multiple Vendor Java Servlet Container Cross-Site Scripting Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://archive.cert.uni-stuttgart.de/archive/bugtraq/2001/07/msg00021.html" + }, + { + "name": "MPSB01-06", + "refsource": "ALLAIRE", + "url": "http://www.macromedia.com/v1/handlers/index.cfm?ID=21498&Method=Full" + }, + { + "name": "1891", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/1891" + }, + { + "name": "2983", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2983" + }, + { + "name": "VU#654643", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/654643" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1503.json b/2001/1xxx/CVE-2001-1503.json index a595ee41ca7..e17ddce297a 100644 --- a/2001/1xxx/CVE-2001-1503.json +++ b/2001/1xxx/CVE-2001-1503.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1503", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The finger daemon (in.fingerd) in Sun Solaris 2.5 through 8 and SunOS 5.5 through 5.8 allows remote attackers to list all accounts on a host by typing finger 'a b c d e f g h'@host." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1503", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20011022 Solaris fingerd disclose complete user list", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2001-q4/0016.html" - }, - { - "name" : "27116", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-27116-1" - }, - { - "name" : "3457", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3457" - }, - { - "name" : "solaris-fingerd-list-accounts(7334)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7334" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The finger daemon (in.fingerd) in Sun Solaris 2.5 through 8 and SunOS 5.5 through 5.8 allows remote attackers to list all accounts on a host by typing finger 'a b c d e f g h'@host." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "solaris-fingerd-list-accounts(7334)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7334" + }, + { + "name": "20011022 Solaris fingerd disclose complete user list", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2001-q4/0016.html" + }, + { + "name": "27116", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-27116-1" + }, + { + "name": "3457", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3457" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1517.json b/2001/1xxx/CVE-2001-1517.json index 0b1698afc24..fe2885857d2 100644 --- a/2001/1xxx/CVE-2001-1517.json +++ b/2001/1xxx/CVE-2001-1517.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1517", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** RunAs (runas.exe) in Windows 2000 stores cleartext authentication information in memory, which could allow attackers to obtain usernames and passwords by executing a process that is allocated the same memory page after termination of a RunAs command. NOTE: the vendor disputes this issue, saying that administrative privileges are already required to exploit it, and the original researcher did not respond to requests for additional information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1517", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20011112 RADIX1112200102", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2001-q4/0041.html" - }, - { - "name" : "20011114 RE:Radix Research Reports RADIX1112200101, RADIX1112200102, and RADIX1112200103", - "refsource" : "BUGTRAQ", - "url" : "http://cert.uni-stuttgart.de/archive/bugtraq/2001/11/msg00100.html" - }, - { - "name" : "3184", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3184" - }, - { - "name" : "win2k-runas-reveal-information(7531)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/7531.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** RunAs (runas.exe) in Windows 2000 stores cleartext authentication information in memory, which could allow attackers to obtain usernames and passwords by executing a process that is allocated the same memory page after termination of a RunAs command. NOTE: the vendor disputes this issue, saying that administrative privileges are already required to exploit it, and the original researcher did not respond to requests for additional information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3184", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3184" + }, + { + "name": "20011112 RADIX1112200102", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2001-q4/0041.html" + }, + { + "name": "20011114 RE:Radix Research Reports RADIX1112200101, RADIX1112200102, and RADIX1112200103", + "refsource": "BUGTRAQ", + "url": "http://cert.uni-stuttgart.de/archive/bugtraq/2001/11/msg00100.html" + }, + { + "name": "win2k-runas-reveal-information(7531)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/7531.php" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2068.json b/2006/2xxx/CVE-2006-2068.json index 4e2aa7880c0..84df6b66e49 100644 --- a/2006/2xxx/CVE-2006-2068.json +++ b/2006/2xxx/CVE-2006-2068.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2068", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Hitachi JP1 products allow remote attackers to cause a denial of service (application stop or fail) via unexpected requests or data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2068", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.hitachi-support.com/security_e/vuls_e/HS06-007_e/index-e.html", - "refsource" : "CONFIRM", - "url" : "http://www.hitachi-support.com/security_e/vuls_e/HS06-007_e/index-e.html" - }, - { - "name" : "17706", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17706" - }, - { - "name" : "ADV-2006-1524", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1524" - }, - { - "name" : "19841", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19841" - }, - { - "name" : "hitachi-jp1-request-dos(26087)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26087" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Hitachi JP1 products allow remote attackers to cause a denial of service (application stop or fail) via unexpected requests or data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19841", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19841" + }, + { + "name": "hitachi-jp1-request-dos(26087)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26087" + }, + { + "name": "http://www.hitachi-support.com/security_e/vuls_e/HS06-007_e/index-e.html", + "refsource": "CONFIRM", + "url": "http://www.hitachi-support.com/security_e/vuls_e/HS06-007_e/index-e.html" + }, + { + "name": "17706", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17706" + }, + { + "name": "ADV-2006-1524", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1524" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2074.json b/2006/2xxx/CVE-2006-2074.json index 1b5b22621ed..f882b98f6fd 100644 --- a/2006/2xxx/CVE-2006-2074.json +++ b/2006/2xxx/CVE-2006-2074.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2074", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Juniper Networks JUNOSe E-series routers before 7-1-1 has unknown impact and remote attack vectors related to the DNS \"client code,\" as demonstrated by the OUSPG PROTOS DNS test suite." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2074", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.niscc.gov.uk/niscc/docs/re-20060425-00312.pdf?lang=en", - "refsource" : "MISC", - "url" : "http://www.niscc.gov.uk/niscc/docs/re-20060425-00312.pdf?lang=en" - }, - { - "name" : "http://www.niscc.gov.uk/niscc/docs/br-20060425-00311.html?lang=en", - "refsource" : "MISC", - "url" : "http://www.niscc.gov.uk/niscc/docs/br-20060425-00311.html?lang=en" - }, - { - "name" : "VU#955777", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/955777" - }, - { - "name" : "17693", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17693" - }, - { - "name" : "ADV-2006-1505", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1505" - }, - { - "name" : "ADV-2006-1526", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1526" - }, - { - "name" : "1015992", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015992" - }, - { - "name" : "19822", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19822" - }, - { - "name" : "dns-improper-request-handling(26081)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26081" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Juniper Networks JUNOSe E-series routers before 7-1-1 has unknown impact and remote attack vectors related to the DNS \"client code,\" as demonstrated by the OUSPG PROTOS DNS test suite." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1015992", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015992" + }, + { + "name": "dns-improper-request-handling(26081)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26081" + }, + { + "name": "VU#955777", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/955777" + }, + { + "name": "19822", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19822" + }, + { + "name": "17693", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17693" + }, + { + "name": "ADV-2006-1526", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1526" + }, + { + "name": "ADV-2006-1505", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1505" + }, + { + "name": "http://www.niscc.gov.uk/niscc/docs/re-20060425-00312.pdf?lang=en", + "refsource": "MISC", + "url": "http://www.niscc.gov.uk/niscc/docs/re-20060425-00312.pdf?lang=en" + }, + { + "name": "http://www.niscc.gov.uk/niscc/docs/br-20060425-00311.html?lang=en", + "refsource": "MISC", + "url": "http://www.niscc.gov.uk/niscc/docs/br-20060425-00311.html?lang=en" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2159.json b/2006/2xxx/CVE-2006-2159.json index 2e51a2b8b62..30902841238 100644 --- a/2006/2xxx/CVE-2006-2159.json +++ b/2006/2xxx/CVE-2006-2159.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2159", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CRLF injection vulnerability in help.php in Russcom Network Loginphp allows remote attackers to spoof e-mails and inject MIME headers via CRLF sequences in the email address." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2159", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060502 Russcom.net Loginphp multiple vulnerabilties", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/432729/100/0/threaded" - }, - { - "name" : "17787", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17787" - }, - { - "name" : "25214", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25214" - }, - { - "name" : "19930", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19930" - }, - { - "name" : "russcom-loginphp-help-mail-relay(26250)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26250" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CRLF injection vulnerability in help.php in Russcom Network Loginphp allows remote attackers to spoof e-mails and inject MIME headers via CRLF sequences in the email address." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "25214", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25214" + }, + { + "name": "19930", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19930" + }, + { + "name": "20060502 Russcom.net Loginphp multiple vulnerabilties", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/432729/100/0/threaded" + }, + { + "name": "russcom-loginphp-help-mail-relay(26250)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26250" + }, + { + "name": "17787", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17787" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2494.json b/2006/2xxx/CVE-2006-2494.json index 79bcca6eb11..b5cb22b291a 100644 --- a/2006/2xxx/CVE-2006-2494.json +++ b/2006/2xxx/CVE-2006-2494.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2494", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in IntelliTamper 2.07 allows remote attackers to execute arbitrary code via a crafted .map file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2494", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "1806", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/1806" - }, - { - "name" : "18039", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18039" - }, - { - "name" : "ADV-2006-1860", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1860" - }, - { - "name" : "ADV-2008-2120", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2120" - }, - { - "name" : "1016117", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016117" - }, - { - "name" : "20172", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20172" - }, - { - "name" : "intellitamper-map-bo(26551)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26551" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in IntelliTamper 2.07 allows remote attackers to execute arbitrary code via a crafted .map file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-1860", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1860" + }, + { + "name": "18039", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18039" + }, + { + "name": "ADV-2008-2120", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2120" + }, + { + "name": "1016117", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016117" + }, + { + "name": "20172", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20172" + }, + { + "name": "intellitamper-map-bo(26551)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26551" + }, + { + "name": "1806", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/1806" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6022.json b/2006/6xxx/CVE-2006-6022.json index 8d710e74246..e3544ecf448 100644 --- a/2006/6xxx/CVE-2006-6022.json +++ b/2006/6xxx/CVE-2006-6022.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6022", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in login_form.asp in BestWebApp Dating Site allows remote attackers to inject arbitrary web script or HTML via the msg parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6022", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061117 Dating Site [ login bypass & xss]", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/451963/100/0/threaded" - }, - { - "name" : "21158", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21158" - }, - { - "name" : "23017", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23017" - }, - { - "name" : "1898", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1898" - }, - { - "name" : "datingsite-loginform-xss(30396)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30396" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in login_form.asp in BestWebApp Dating Site allows remote attackers to inject arbitrary web script or HTML via the msg parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1898", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1898" + }, + { + "name": "23017", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23017" + }, + { + "name": "21158", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21158" + }, + { + "name": "20061117 Dating Site [ login bypass & xss]", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/451963/100/0/threaded" + }, + { + "name": "datingsite-loginform-xss(30396)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30396" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6168.json b/2006/6xxx/CVE-2006-6168.json index 130f89a052a..d562174f798 100644 --- a/2006/6xxx/CVE-2006-6168.json +++ b/2006/6xxx/CVE-2006-6168.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6168", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "tiki-register.php in TikiWiki before 1.9.7 allows remote attackers to trigger \"notification-spam\" via certain vectors such as a comma-separated list of addresses in the email field, related to lack of \"a minimal check on email.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6168", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tikiwiki.cvs.sourceforge.net/tikiwiki/tiki/changelog.txt?r1=1.157.2.50&r2=1.157.2.51", - "refsource" : "CONFIRM", - "url" : "http://tikiwiki.cvs.sourceforge.net/tikiwiki/tiki/changelog.txt?r1=1.157.2.50&r2=1.157.2.51" - }, - { - "name" : "http://tikiwiki.cvs.sourceforge.net/tikiwiki/tiki/tiki-register.php?r1=1.68&r2=1.69", - "refsource" : "CONFIRM", - "url" : "http://tikiwiki.cvs.sourceforge.net/tikiwiki/tiki/tiki-register.php?r1=1.68&r2=1.69" - }, - { - "name" : "ADV-2006-4709", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4709" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "tiki-register.php in TikiWiki before 1.9.7 allows remote attackers to trigger \"notification-spam\" via certain vectors such as a comma-separated list of addresses in the email field, related to lack of \"a minimal check on email.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://tikiwiki.cvs.sourceforge.net/tikiwiki/tiki/changelog.txt?r1=1.157.2.50&r2=1.157.2.51", + "refsource": "CONFIRM", + "url": "http://tikiwiki.cvs.sourceforge.net/tikiwiki/tiki/changelog.txt?r1=1.157.2.50&r2=1.157.2.51" + }, + { + "name": "ADV-2006-4709", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4709" + }, + { + "name": "http://tikiwiki.cvs.sourceforge.net/tikiwiki/tiki/tiki-register.php?r1=1.68&r2=1.69", + "refsource": "CONFIRM", + "url": "http://tikiwiki.cvs.sourceforge.net/tikiwiki/tiki/tiki-register.php?r1=1.68&r2=1.69" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6519.json b/2006/6xxx/CVE-2006-6519.json index 9a3a5cc403e..d3de2177ee2 100644 --- a/2006/6xxx/CVE-2006-6519.json +++ b/2006/6xxx/CVE-2006-6519.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6519", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in lire-avis.php in ProNews 1.5 allows remote attackers to execute arbitrary SQL commands via the aa parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6519", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061209 ProNews V1.5 XSS & SQL Injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/453964/100/0/threaded" - }, - { - "name" : "21516", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21516" - }, - { - "name" : "2025", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2025" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in lire-avis.php in ProNews 1.5 allows remote attackers to execute arbitrary SQL commands via the aa parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21516", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21516" + }, + { + "name": "2025", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2025" + }, + { + "name": "20061209 ProNews V1.5 XSS & SQL Injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/453964/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6953.json b/2006/6xxx/CVE-2006-6953.json index 83505081c6e..3433397dda9 100644 --- a/2006/6xxx/CVE-2006-6953.json +++ b/2006/6xxx/CVE-2006-6953.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6953", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The virtual keyboard implementation in GlobeTrotter Mobility Manager changes the color of a key as it is pressed, which allows local users to capture arbitrary keystrokes, such as for passwords, by shoulder surfing or grabbing periodic screenshots." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6953", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060623 GlobeTrotter Mobility Manager - security issue", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/438376/100/100/threaded" - }, - { - "name" : "http://img45.imageshack.us/my.php?image=poc7ik.jpg", - "refsource" : "MISC", - "url" : "http://img45.imageshack.us/my.php?image=poc7ik.jpg" - }, - { - "name" : "globetrotter-virtual-information-disclosure(27447)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27447" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The virtual keyboard implementation in GlobeTrotter Mobility Manager changes the color of a key as it is pressed, which allows local users to capture arbitrary keystrokes, such as for passwords, by shoulder surfing or grabbing periodic screenshots." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060623 GlobeTrotter Mobility Manager - security issue", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/438376/100/100/threaded" + }, + { + "name": "http://img45.imageshack.us/my.php?image=poc7ik.jpg", + "refsource": "MISC", + "url": "http://img45.imageshack.us/my.php?image=poc7ik.jpg" + }, + { + "name": "globetrotter-virtual-information-disclosure(27447)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27447" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0237.json b/2011/0xxx/CVE-2011-0237.json index eeec9c8f0f5..148afade795 100644 --- a/2011/0xxx/CVE-2011-0237.json +++ b/2011/0xxx/CVE-2011-0237.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0237", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2011-0237", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4808", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4808" - }, - { - "name" : "http://support.apple.com/kb/HT4981", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4981" - }, - { - "name" : "APPLE-SA-2011-07-20-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html" - }, - { - "name" : "APPLE-SA-2011-10-11-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT4981", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4981" + }, + { + "name": "APPLE-SA-2011-10-11-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html" + }, + { + "name": "http://support.apple.com/kb/HT4808", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4808" + }, + { + "name": "APPLE-SA-2011-07-20-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2008.json b/2011/2xxx/CVE-2011-2008.json index ee29c442a3c..411c0c4b8a1 100644 --- a/2011/2xxx/CVE-2011-2008.json +++ b/2011/2xxx/CVE-2011-2008.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2008", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Host Integration Server (HIS) 2004 SP1, 2006 SP1, 2009, and 2010 allows remote attackers to cause a denial of service (SNA Server service outage) via crafted TCP or UDP traffic, aka \"Access of Unallocated Memory DoS Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2011-2008", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS11-082", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-082" - }, - { - "name" : "oval:org.mitre.oval:def:12915", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12915" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Host Integration Server (HIS) 2004 SP1, 2006 SP1, 2009, and 2010 allows remote attackers to cause a denial of service (SNA Server service outage) via crafted TCP or UDP traffic, aka \"Access of Unallocated Memory DoS Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:12915", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12915" + }, + { + "name": "MS11-082", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-082" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2311.json b/2011/2xxx/CVE-2011-2311.json index 21a3163a21b..ce3bb804edd 100644 --- a/2011/2xxx/CVE-2011-2311.json +++ b/2011/2xxx/CVE-2011-2311.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2311", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Solaris 10 allows local users to affect availability, related to ZFS, a different vulnerability than CVE-2011-2313." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2011-2311", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html" - }, - { - "name" : "76464", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/76464" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Solaris 10 allows local users to affect availability, related to ZFS, a different vulnerability than CVE-2011-2313." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "76464", + "refsource": "OSVDB", + "url": "http://osvdb.org/76464" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2529.json b/2011/2xxx/CVE-2011-2529.json index baf0fba1141..e5dbad730e2 100644 --- a/2011/2xxx/CVE-2011-2529.json +++ b/2011/2xxx/CVE-2011-2529.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2529", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "chan_sip.c in the SIP channel driver in Asterisk Open Source 1.6.x before 1.6.2.18.1 and 1.8.x before 1.8.4.3 does not properly handle '\\0' characters in SIP packets, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2529", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://downloads.asterisk.org/pub/security/AST-2011-008.diff", - "refsource" : "CONFIRM", - "url" : "http://downloads.asterisk.org/pub/security/AST-2011-008.diff" - }, - { - "name" : "http://downloads.asterisk.org/pub/security/AST-2011-008.html", - "refsource" : "CONFIRM", - "url" : "http://downloads.asterisk.org/pub/security/AST-2011-008.html" - }, - { - "name" : "DSA-2276", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2276" - }, - { - "name" : "FEDORA-2011-8914", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062628.html" - }, - { - "name" : "48431", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/48431" - }, - { - "name" : "73307", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/73307" - }, - { - "name" : "1025706", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1025706" - }, - { - "name" : "45048", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45048" - }, - { - "name" : "45201", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45201" - }, - { - "name" : "45239", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45239" - }, - { - "name" : "asterisk-sipsockread-dos(68203)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/68203" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "chan_sip.c in the SIP channel driver in Asterisk Open Source 1.6.x before 1.6.2.18.1 and 1.8.x before 1.8.4.3 does not properly handle '\\0' characters in SIP packets, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "asterisk-sipsockread-dos(68203)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68203" + }, + { + "name": "73307", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/73307" + }, + { + "name": "48431", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/48431" + }, + { + "name": "http://downloads.asterisk.org/pub/security/AST-2011-008.html", + "refsource": "CONFIRM", + "url": "http://downloads.asterisk.org/pub/security/AST-2011-008.html" + }, + { + "name": "45239", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45239" + }, + { + "name": "http://downloads.asterisk.org/pub/security/AST-2011-008.diff", + "refsource": "CONFIRM", + "url": "http://downloads.asterisk.org/pub/security/AST-2011-008.diff" + }, + { + "name": "DSA-2276", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2276" + }, + { + "name": "FEDORA-2011-8914", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062628.html" + }, + { + "name": "45048", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45048" + }, + { + "name": "1025706", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1025706" + }, + { + "name": "45201", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45201" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2898.json b/2011/2xxx/CVE-2011-2898.json index e04e8ce8dc6..68cdbe05ef1 100644 --- a/2011/2xxx/CVE-2011-2898.json +++ b/2011/2xxx/CVE-2011-2898.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2898", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "net/packet/af_packet.c in the Linux kernel before 2.6.39.3 does not properly restrict user-space access to certain packet data structures associated with VLAN Tag Control Information, which allows local users to obtain potentially sensitive information via a crafted application." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-2898", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110803 Re: CVE request: Linux kernel af_packet information leak", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/08/03/7" - }, - { - "name" : "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39.3", - "refsource" : "CONFIRM", - "url" : "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39.3" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=13fcb7bd322164c67926ffe272846d4860196dc6", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=13fcb7bd322164c67926ffe272846d4860196dc6" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=728023", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=728023" - }, - { - "name" : "https://github.com/torvalds/linux/commit/13fcb7bd322164c67926ffe272846d4860196dc6", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/13fcb7bd322164c67926ffe272846d4860196dc6" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "net/packet/af_packet.c in the Linux kernel before 2.6.39.3 does not properly restrict user-space access to certain packet data structures associated with VLAN Tag Control Information, which allows local users to obtain potentially sensitive information via a crafted application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=13fcb7bd322164c67926ffe272846d4860196dc6", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=13fcb7bd322164c67926ffe272846d4860196dc6" + }, + { + "name": "[oss-security] 20110803 Re: CVE request: Linux kernel af_packet information leak", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/08/03/7" + }, + { + "name": "https://github.com/torvalds/linux/commit/13fcb7bd322164c67926ffe272846d4860196dc6", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/13fcb7bd322164c67926ffe272846d4860196dc6" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=728023", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=728023" + }, + { + "name": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39.3", + "refsource": "CONFIRM", + "url": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39.3" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3002.json b/2011/3xxx/CVE-2011-3002.json index 141cddf559c..76604131bf4 100644 --- a/2011/3xxx/CVE-2011-3002.json +++ b/2011/3xxx/CVE-2011-3002.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3002", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Almost Native Graphics Layer Engine (ANGLE), as used in Mozilla Firefox before 7.0 and SeaMonkey before 2.4, does not validate the return value of a GrowAtomTable function call, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger a memory-allocation error and a resulting buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3002", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2011/mfsa2011-41.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2011/mfsa2011-41.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=680840", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=680840" - }, - { - "name" : "MDVSA-2011:141", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:141" - }, - { - "name" : "oval:org.mitre.oval:def:14388", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14388" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Almost Native Graphics Layer Engine (ANGLE), as used in Mozilla Firefox before 7.0 and SeaMonkey before 2.4, does not validate the return value of a GrowAtomTable function call, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger a memory-allocation error and a resulting buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.mozilla.org/security/announce/2011/mfsa2011-41.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2011/mfsa2011-41.html" + }, + { + "name": "MDVSA-2011:141", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:141" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=680840", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=680840" + }, + { + "name": "oval:org.mitre.oval:def:14388", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14388" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3206.json b/2011/3xxx/CVE-2011-3206.json index 19a3a9b619c..56d359396b7 100644 --- a/2011/3xxx/CVE-2011-3206.json +++ b/2011/3xxx/CVE-2011-3206.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3206", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in RHQ 4.2.0, as used in JBoss Operations Network (aka JON or JBoss ON) before 3.0, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-3206", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=734662", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=734662" - }, - { - "name" : "RHSA-2012:0089", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-0089.html" - }, - { - "name" : "1026435", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1026435" - }, - { - "name" : "47197", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47197" - }, - { - "name" : "47280", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47280" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in RHQ 4.2.0, as used in JBoss Operations Network (aka JON or JBoss ON) before 3.0, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "47197", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47197" + }, + { + "name": "47280", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47280" + }, + { + "name": "RHSA-2012:0089", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-0089.html" + }, + { + "name": "1026435", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1026435" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=734662", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=734662" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3211.json b/2011/3xxx/CVE-2011-3211.json index 61b151c7118..ef3f7b257bb 100644 --- a/2011/3xxx/CVE-2011-3211.json +++ b/2011/3xxx/CVE-2011-3211.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3211", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The server in Bcfg2 1.1.2 and earlier, and 1.2 prerelease, allows remote attackers to execute arbitrary commands via shell metacharacters in data received from a client." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-3211", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[bcfg-dev] 20110816 Security flaw in 1.1.x; testers wanted", - "refsource" : "MLIST", - "url" : "http://article.gmane.org/gmane.comp.sysutils.bcfg2.devel/4318" - }, - { - "name" : "[oss-security] 20110901 CVE request for bcfg2 (remote root)", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/09/01/1" - }, - { - "name" : "[oss-security] 20110906 Re: CVE request for bcfg2 (remote root)", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/09/06/1" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=640028", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=640028" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=736279", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=736279" - }, - { - "name" : "https://github.com/solj/bcfg2/commit/46795ae451ca6ede55a0edeb726978aef4684b53", - "refsource" : "CONFIRM", - "url" : "https://github.com/solj/bcfg2/commit/46795ae451ca6ede55a0edeb726978aef4684b53" - }, - { - "name" : "https://github.com/solj/bcfg2/commit/f4a35efec1b6a1e54d61cf1b8bfc83dd1d89eef7", - "refsource" : "CONFIRM", - "url" : "https://github.com/solj/bcfg2/commit/f4a35efec1b6a1e54d61cf1b8bfc83dd1d89eef7" - }, - { - "name" : "DSA-2302", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2302" - }, - { - "name" : "FEDORA-2011-12298", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066071.html" - }, - { - "name" : "FEDORA-2011-12303", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066070.html" - }, - { - "name" : "49414", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/49414" - }, - { - "name" : "45807", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45807" - }, - { - "name" : "45926", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45926" - }, - { - "name" : "46042", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46042" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The server in Bcfg2 1.1.2 and earlier, and 1.2 prerelease, allows remote attackers to execute arbitrary commands via shell metacharacters in data received from a client." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/solj/bcfg2/commit/f4a35efec1b6a1e54d61cf1b8bfc83dd1d89eef7", + "refsource": "CONFIRM", + "url": "https://github.com/solj/bcfg2/commit/f4a35efec1b6a1e54d61cf1b8bfc83dd1d89eef7" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=736279", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=736279" + }, + { + "name": "49414", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/49414" + }, + { + "name": "46042", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46042" + }, + { + "name": "DSA-2302", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2302" + }, + { + "name": "FEDORA-2011-12303", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066070.html" + }, + { + "name": "45926", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45926" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=640028", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=640028" + }, + { + "name": "[bcfg-dev] 20110816 Security flaw in 1.1.x; testers wanted", + "refsource": "MLIST", + "url": "http://article.gmane.org/gmane.comp.sysutils.bcfg2.devel/4318" + }, + { + "name": "45807", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45807" + }, + { + "name": "[oss-security] 20110906 Re: CVE request for bcfg2 (remote root)", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/09/06/1" + }, + { + "name": "FEDORA-2011-12298", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066071.html" + }, + { + "name": "https://github.com/solj/bcfg2/commit/46795ae451ca6ede55a0edeb726978aef4684b53", + "refsource": "CONFIRM", + "url": "https://github.com/solj/bcfg2/commit/46795ae451ca6ede55a0edeb726978aef4684b53" + }, + { + "name": "[oss-security] 20110901 CVE request for bcfg2 (remote root)", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/09/01/1" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3336.json b/2011/3xxx/CVE-2011-3336.json index 34b3c39435b..0acb7773637 100644 --- a/2011/3xxx/CVE-2011-3336.json +++ b/2011/3xxx/CVE-2011-3336.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3336", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3336", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4104.json b/2011/4xxx/CVE-2011-4104.json index 6a70f33a568..7e2f6a2b39b 100644 --- a/2011/4xxx/CVE-2011-4104.json +++ b/2011/4xxx/CVE-2011-4104.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4104", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The from_yaml method in serializers.py in Django Tastypie before 0.9.10 does not properly deserialize YAML data, which allows remote attackers to execute arbitrary Python code via vectors related to the yaml.load method." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-4104", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20111102 Re: CVE request for Django-piston and Tastypie", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/11/02/1" - }, - { - "name" : "[oss-security] 20111102 Re: Re: CVE request for Django-piston and Tastypie", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/11/02/7" - }, - { - "name" : "https://www.djangoproject.com/weblog/2011/nov/01/piston-and-tastypie-security-releases/", - "refsource" : "MISC", - "url" : "https://www.djangoproject.com/weblog/2011/nov/01/piston-and-tastypie-security-releases/" - }, - { - "name" : "https://github.com/toastdriven/django-tastypie/commit/e8af315211b07c8f48f32a063233cc3f76dd5bc2", - "refsource" : "CONFIRM", - "url" : "https://github.com/toastdriven/django-tastypie/commit/e8af315211b07c8f48f32a063233cc3f76dd5bc2" - }, - { - "name" : "https://groups.google.com/forum/#!topic/django-tastypie/i2aNGDHTUBI", - "refsource" : "CONFIRM", - "url" : "https://groups.google.com/forum/#!topic/django-tastypie/i2aNGDHTUBI" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The from_yaml method in serializers.py in Django Tastypie before 0.9.10 does not properly deserialize YAML data, which allows remote attackers to execute arbitrary Python code via vectors related to the yaml.load method." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://groups.google.com/forum/#!topic/django-tastypie/i2aNGDHTUBI", + "refsource": "CONFIRM", + "url": "https://groups.google.com/forum/#!topic/django-tastypie/i2aNGDHTUBI" + }, + { + "name": "[oss-security] 20111102 Re: Re: CVE request for Django-piston and Tastypie", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/11/02/7" + }, + { + "name": "https://www.djangoproject.com/weblog/2011/nov/01/piston-and-tastypie-security-releases/", + "refsource": "MISC", + "url": "https://www.djangoproject.com/weblog/2011/nov/01/piston-and-tastypie-security-releases/" + }, + { + "name": "https://github.com/toastdriven/django-tastypie/commit/e8af315211b07c8f48f32a063233cc3f76dd5bc2", + "refsource": "CONFIRM", + "url": "https://github.com/toastdriven/django-tastypie/commit/e8af315211b07c8f48f32a063233cc3f76dd5bc2" + }, + { + "name": "[oss-security] 20111102 Re: CVE request for Django-piston and Tastypie", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/11/02/1" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4398.json b/2011/4xxx/CVE-2011-4398.json index c648bdafa25..d07766c34c8 100644 --- a/2011/4xxx/CVE-2011-4398.json +++ b/2011/4xxx/CVE-2011-4398.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4398", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2011-4398", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4400.json b/2011/4xxx/CVE-2011-4400.json index 15d52624355..474aba0184b 100644 --- a/2011/4xxx/CVE-2011-4400.json +++ b/2011/4xxx/CVE-2011-4400.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4400", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2011-4400", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0226.json b/2013/0xxx/CVE-2013-0226.json index 2439c327aff..8138e99d160 100644 --- a/2013/0xxx/CVE-2013-0226.json +++ b/2013/0xxx/CVE-2013-0226.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0226", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Keyboard Shortcut Utility module 7.x-1.x before 7.x-1.1 for Drupal does not properly check node restrictions, which allows (1) remote authenticated users with the \"view shortcuts\" permission to read nodes or (2) remote authenticated users with the \"admin shortcuts\" permission to read, edit, or delete nodes via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-0226", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130124 Re: CVE request for Drupal contributed modules", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/01/25/4" - }, - { - "name" : "https://drupal.org/node/1896752", - "refsource" : "MISC", - "url" : "https://drupal.org/node/1896752" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Keyboard Shortcut Utility module 7.x-1.x before 7.x-1.1 for Drupal does not properly check node restrictions, which allows (1) remote authenticated users with the \"view shortcuts\" permission to read nodes or (2) remote authenticated users with the \"admin shortcuts\" permission to read, edit, or delete nodes via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://drupal.org/node/1896752", + "refsource": "MISC", + "url": "https://drupal.org/node/1896752" + }, + { + "name": "[oss-security] 20130124 Re: CVE request for Drupal contributed modules", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/01/25/4" + } + ] + } +} \ No newline at end of file diff --git a/2013/0xxx/CVE-2013-0797.json b/2013/0xxx/CVE-2013-0797.json index d2e23eddd42..47866c6c6e0 100644 --- a/2013/0xxx/CVE-2013-0797.json +++ b/2013/0xxx/CVE-2013-0797.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-0797", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in the Mozilla Updater in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 allows local users to gain privileges via a Trojan horse DLL file in an unspecified directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2013-0797", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2013/mfsa2013-34.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2013/mfsa2013-34.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=830134", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=830134" - }, - { - "name" : "SUSE-SU-2013:0645", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00013.html" - }, - { - "name" : "SUSE-SU-2013:0850", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00019.html" - }, - { - "name" : "oval:org.mitre.oval:def:17146", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17146" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in the Mozilla Updater in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 allows local users to gain privileges via a Trojan horse DLL file in an unspecified directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2013:0850", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00019.html" + }, + { + "name": "oval:org.mitre.oval:def:17146", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17146" + }, + { + "name": "http://www.mozilla.org/security/announce/2013/mfsa2013-34.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-34.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=830134", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=830134" + }, + { + "name": "SUSE-SU-2013:0645", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00013.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1498.json b/2013/1xxx/CVE-2013-1498.json index 6433d20ba5d..2d6d78a3afa 100644 --- a/2013/1xxx/CVE-2013-1498.json +++ b/2013/1xxx/CVE-2013-1498.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1498", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability via unknown vectors related to Kernel/IO, a different vulnerability than CVE-2013-1496." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-1498", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - }, - { - "name" : "oval:org.mitre.oval:def:19498", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19498" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability via unknown vectors related to Kernel/IO, a different vulnerability than CVE-2013-1496." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + }, + { + "name": "oval:org.mitre.oval:def:19498", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19498" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1802.json b/2013/1xxx/CVE-2013-1802.json index 9b77de606f6..40402cb54a9 100644 --- a/2013/1xxx/CVE-2013-1802.json +++ b/2013/1xxx/CVE-2013-1802.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1802", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The extlib gem 0.9.15 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) by leveraging Action Pack support for (1) YAML type conversion or (2) Symbol type conversion, a similar vulnerability to CVE-2013-0156." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-1802", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=917233", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=917233" - }, - { - "name" : "https://support.cloud.engineyard.com/entries/22915701-january-14-2013-security-vulnerabilities-httparty-extlib-crack-nori-update-these-gems-immediately", - "refsource" : "MISC", - "url" : "https://support.cloud.engineyard.com/entries/22915701-january-14-2013-security-vulnerabilities-httparty-extlib-crack-nori-update-these-gems-immediately" - }, - { - "name" : "https://github.com/datamapper/extlib/compare/b4f98174ec35ac96f76a08d5624fad05d22879b5...4540e7102b803624cc2eade4bb8aaaa934fc31c5", - "refsource" : "CONFIRM", - "url" : "https://github.com/datamapper/extlib/compare/b4f98174ec35ac96f76a08d5624fad05d22879b5...4540e7102b803624cc2eade4bb8aaaa934fc31c5" - }, - { - "name" : "SUSE-SU-2013:0612", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00002.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The extlib gem 0.9.15 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) by leveraging Action Pack support for (1) YAML type conversion or (2) Symbol type conversion, a similar vulnerability to CVE-2013-0156." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/datamapper/extlib/compare/b4f98174ec35ac96f76a08d5624fad05d22879b5...4540e7102b803624cc2eade4bb8aaaa934fc31c5", + "refsource": "CONFIRM", + "url": "https://github.com/datamapper/extlib/compare/b4f98174ec35ac96f76a08d5624fad05d22879b5...4540e7102b803624cc2eade4bb8aaaa934fc31c5" + }, + { + "name": "SUSE-SU-2013:0612", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00002.html" + }, + { + "name": "https://support.cloud.engineyard.com/entries/22915701-january-14-2013-security-vulnerabilities-httparty-extlib-crack-nori-update-these-gems-immediately", + "refsource": "MISC", + "url": "https://support.cloud.engineyard.com/entries/22915701-january-14-2013-security-vulnerabilities-httparty-extlib-crack-nori-update-these-gems-immediately" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=917233", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=917233" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5364.json b/2013/5xxx/CVE-2013-5364.json index 3bbd12bed9b..bc57bc3f25b 100644 --- a/2013/5xxx/CVE-2013-5364.json +++ b/2013/5xxx/CVE-2013-5364.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5364", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Secunia CSI Agent 6.0.0.15017 and earlier, 6.0.1.1007 and earlier, and 7.0.0.21 and earlier, when running on Red Hat Linux, uses world-readable and world-writable permissions for /etc/csia_config.xml, which allows local users to change CSI Agent configuration by modifying this file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2013-5364", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://secunia.com/vulnerability_scanning/corporate/release-history/", - "refsource" : "CONFIRM", - "url" : "http://secunia.com/vulnerability_scanning/corporate/release-history/" - }, - { - "name" : "64775", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64775" - }, - { - "name" : "101901", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/101901" - }, - { - "name" : "56380", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56380" - }, - { - "name" : "csi-agent-cve20135364-data-manipulation(90230)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90230" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Secunia CSI Agent 6.0.0.15017 and earlier, 6.0.1.1007 and earlier, and 7.0.0.21 and earlier, when running on Red Hat Linux, uses world-readable and world-writable permissions for /etc/csia_config.xml, which allows local users to change CSI Agent configuration by modifying this file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "64775", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64775" + }, + { + "name": "http://secunia.com/vulnerability_scanning/corporate/release-history/", + "refsource": "CONFIRM", + "url": "http://secunia.com/vulnerability_scanning/corporate/release-history/" + }, + { + "name": "101901", + "refsource": "OSVDB", + "url": "http://osvdb.org/101901" + }, + { + "name": "56380", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56380" + }, + { + "name": "csi-agent-cve20135364-data-manipulation(90230)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90230" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5673.json b/2013/5xxx/CVE-2013-5673.json index a946bd693c5..eba9d0d83fc 100644 --- a/2013/5xxx/CVE-2013-5673.json +++ b/2013/5xxx/CVE-2013-5673.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5673", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in testimonial.php in the IndiaNIC Testimonial plugin 2.2 for WordPress allows remote attackers to execute arbitrary SQL commands via the custom_query parameter in a testimonial_add action to wp-admin/admin-ajax.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5673", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130901 IndiaNIC Testimonail WP plugin - Multiple vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2013-09/0006.html" - }, - { - "name" : "28054", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/28054" - }, - { - "name" : "20130901 IndiaNIC Testimonial WP plugin - Multiple vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2013/Sep/5" - }, - { - "name" : "[oss-security] 20130901 Re: [CVE Request] IndiaNIC Testimonial 2.2 WP plugin", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2013/q3/531" - }, - { - "name" : "http://packetstormsecurity.com/files/123036", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/123036" - }, - { - "name" : "62108", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/62108" - }, - { - "name" : "96793", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/96793" - }, - { - "name" : "indianictestimon-cve20135673-sql-injection(86847)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/86847" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in testimonial.php in the IndiaNIC Testimonial plugin 2.2 for WordPress allows remote attackers to execute arbitrary SQL commands via the custom_query parameter in a testimonial_add action to wp-admin/admin-ajax.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96793", + "refsource": "OSVDB", + "url": "http://osvdb.org/96793" + }, + { + "name": "20130901 IndiaNIC Testimonial WP plugin - Multiple vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2013/Sep/5" + }, + { + "name": "[oss-security] 20130901 Re: [CVE Request] IndiaNIC Testimonial 2.2 WP plugin", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2013/q3/531" + }, + { + "name": "indianictestimon-cve20135673-sql-injection(86847)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86847" + }, + { + "name": "28054", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/28054" + }, + { + "name": "http://packetstormsecurity.com/files/123036", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/123036" + }, + { + "name": "62108", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/62108" + }, + { + "name": "20130901 IndiaNIC Testimonail WP plugin - Multiple vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2013-09/0006.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5708.json b/2013/5xxx/CVE-2013-5708.json index 7906e48862b..39f79b55faf 100644 --- a/2013/5xxx/CVE-2013-5708.json +++ b/2013/5xxx/CVE-2013-5708.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5708", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Coursemill Learning Management System (LMS) 6.8 constructs secret tokens based on time values, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via vectors related to cookies, a different vulnerability than CVE-2013-3605." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5708", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#960908", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/960908" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Coursemill Learning Management System (LMS) 6.8 constructs secret tokens based on time values, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via vectors related to cookies, a different vulnerability than CVE-2013-3605." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#960908", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/960908" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5882.json b/2013/5xxx/CVE-2013-5882.json index 1d38acb7fba..2cb6207d00f 100644 --- a/2013/5xxx/CVE-2013-5882.json +++ b/2013/5xxx/CVE-2013-5882.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5882", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedures." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-5882", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" - }, - { - "name" : "GLSA-201409-04", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201409-04.xml" - }, - { - "name" : "64758", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64758" - }, - { - "name" : "64854", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64854" - }, - { - "name" : "56491", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56491" - }, - { - "name" : "oracle-cpujan2014-cve20135882(90374)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90374" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedures." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "64854", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64854" + }, + { + "name": "56491", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56491" + }, + { + "name": "oracle-cpujan2014-cve20135882(90374)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90374" + }, + { + "name": "64758", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64758" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" + }, + { + "name": "GLSA-201409-04", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201409-04.xml" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2135.json b/2014/2xxx/CVE-2014-2135.json index c86260fa072..e6e3a5cc1f2 100644 --- a/2014/2xxx/CVE-2014-2135.json +++ b/2014/2xxx/CVE-2014-2135.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2135", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Cisco Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .arf file, aka Bug IDs CSCul87216 and CSCuj07603." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-2135", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140507 Multiple Vulnerabilities in the Cisco WebEx Recording Format and Advanced Recording Format Players", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140507-webex" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Cisco Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .arf file, aka Bug IDs CSCul87216 and CSCuj07603." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20140507 Multiple Vulnerabilities in the Cisco WebEx Recording Format and Advanced Recording Format Players", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140507-webex" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2610.json b/2014/2xxx/CVE-2014-2610.json index 87f06e71216..2b0b779386c 100644 --- a/2014/2xxx/CVE-2014-2610.json +++ b/2014/2xxx/CVE-2014-2610.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2610", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the Content Acceleration Pack (CAP) web application in HP Executive Scorecard 9.40 and 9.41 allows remote authenticated users to execute arbitrary code by uploading an executable file, aka ZDI-CAN-2117." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2014-2610", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://zerodayinitiative.com/advisories/ZDI-14-209/", - "refsource" : "MISC", - "url" : "http://zerodayinitiative.com/advisories/ZDI-14-209/" - }, - { - "name" : "HPSBMU03048", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04341295" - }, - { - "name" : "SSRT101435", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04341295" - }, - { - "name" : "68093", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68093" - }, - { - "name" : "1030439", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030439" - }, - { - "name" : "59363", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59363" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the Content Acceleration Pack (CAP) web application in HP Executive Scorecard 9.40 and 9.41 allows remote authenticated users to execute arbitrary code by uploading an executable file, aka ZDI-CAN-2117." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "59363", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59363" + }, + { + "name": "http://zerodayinitiative.com/advisories/ZDI-14-209/", + "refsource": "MISC", + "url": "http://zerodayinitiative.com/advisories/ZDI-14-209/" + }, + { + "name": "68093", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68093" + }, + { + "name": "1030439", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030439" + }, + { + "name": "SSRT101435", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04341295" + }, + { + "name": "HPSBMU03048", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04341295" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2817.json b/2014/2xxx/CVE-2014-2817.json index d535f04bab2..12237eefc4d 100644 --- a/2014/2xxx/CVE-2014-2817.json +++ b/2014/2xxx/CVE-2014-2817.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2817", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 6 through 11 allows remote attackers to gain privileges via a crafted web site, aka \"Internet Explorer Elevation of Privilege Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-2817", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS14-051", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-051" - }, - { - "name" : "69092", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69092" - }, - { - "name" : "1030715", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030715" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 6 through 11 allows remote attackers to gain privileges via a crafted web site, aka \"Internet Explorer Elevation of Privilege Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "69092", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69092" + }, + { + "name": "1030715", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030715" + }, + { + "name": "MS14-051", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-051" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2832.json b/2014/2xxx/CVE-2014-2832.json index c047fb3aca3..4c01ff6a86d 100644 --- a/2014/2xxx/CVE-2014-2832.json +++ b/2014/2xxx/CVE-2014-2832.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2832", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2832", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2891.json b/2014/2xxx/CVE-2014-2891.json index a14eeada525..baa1bb77fc2 100644 --- a/2014/2xxx/CVE-2014-2891.json +++ b/2014/2xxx/CVE-2014-2891.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2891", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "strongSwan before 5.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a crafted ID_DER_ASN1_DN ID payload." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2891", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.strongswan.org/blog/2014/05/05/strongswan-denial-of-service-vulnerability-(cve-2014-2891).html", - "refsource" : "CONFIRM", - "url" : "http://www.strongswan.org/blog/2014/05/05/strongswan-denial-of-service-vulnerability-(cve-2014-2891).html" - }, - { - "name" : "DSA-2922", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2922" - }, - { - "name" : "openSUSE-SU-2014:0697", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-05/msg00064.html" - }, - { - "name" : "openSUSE-SU-2014:0700", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-05/msg00066.html" - }, - { - "name" : "67212", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67212" - }, - { - "name" : "59864", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59864" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "strongSwan before 5.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a crafted ID_DER_ASN1_DN ID payload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "59864", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59864" + }, + { + "name": "DSA-2922", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2922" + }, + { + "name": "67212", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67212" + }, + { + "name": "openSUSE-SU-2014:0697", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00064.html" + }, + { + "name": "openSUSE-SU-2014:0700", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00066.html" + }, + { + "name": "http://www.strongswan.org/blog/2014/05/05/strongswan-denial-of-service-vulnerability-(cve-2014-2891).html", + "refsource": "CONFIRM", + "url": "http://www.strongswan.org/blog/2014/05/05/strongswan-denial-of-service-vulnerability-(cve-2014-2891).html" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2911.json b/2014/2xxx/CVE-2014-2911.json index 16efaeb0315..450e9dbe376 100644 --- a/2014/2xxx/CVE-2014-2911.json +++ b/2014/2xxx/CVE-2014-2911.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2911", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2911", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0634.json b/2017/0xxx/CVE-2017-0634.json index 9f399c312d2..fee3f2d59e6 100644 --- a/2017/0xxx/CVE-2017-0634.json +++ b/2017/0xxx/CVE-2017-0634.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-0634", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An information disclosure vulnerability in the Synaptics touchscreen driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32511682." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2017-0634", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-05-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-05-01" - }, - { - "name" : "98224", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98224" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability in the Synaptics touchscreen driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32511682." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-05-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-05-01" + }, + { + "name": "98224", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98224" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0870.json b/2017/0xxx/CVE-2017-0870.json index c123202d9f9..ae3a3a49d48 100644 --- a/2017/0xxx/CVE-2017-0870.json +++ b/2017/0xxx/CVE-2017-0870.json @@ -1,86 +1,86 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2017-12-04T00:00:00", - "ID" : "CVE-2017-0870", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "5.1.1" - }, - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "7.0" - }, - { - "version_value" : "7.1.1" - }, - { - "version_value" : "7.1.2" - }, - { - "version_value" : "8.0" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in the Android framework (libminikin). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-62134807." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2017-12-04T00:00:00", + "ID": "CVE-2017-0870", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "5.1.1" + }, + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "7.0" + }, + { + "version_value": "7.1.1" + }, + { + "version_value": "7.1.2" + }, + { + "version_value": "8.0" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-12-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-12-01" - }, - { - "name" : "102131", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102131" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in the Android framework (libminikin). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-62134807." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "102131", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102131" + }, + { + "name": "https://source.android.com/security/bulletin/2017-12-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-12-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0943.json b/2017/0xxx/CVE-2017-0943.json index 248facec94d..80f23d5e5ed 100644 --- a/2017/0xxx/CVE-2017-0943.json +++ b/2017/0xxx/CVE-2017-0943.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-0943", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-0943", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000088.json b/2017/1000xxx/CVE-2017-1000088.json index 5d2346f42de..bbc109e918f 100644 --- a/2017/1000xxx/CVE-2017-1000088.json +++ b/2017/1000xxx/CVE-2017-1000088.json @@ -1,64 +1,64 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-08-22T17:29:33.310000", - "ID" : "CVE-2017-1000088", - "REQUESTER" : "ml@beckweb.net", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Jenkins Sidebar Link Plugin", - "version" : { - "version_data" : [ - { - "version_value" : "1.8 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Jenkins Sidebar Link Plugin" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Sidebar Link plugin allows users able to configure jobs, views, and agents to add entries to the sidebar of these objects. There was no input validation, which meant users were able to use javascript: schemes for these links." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "XSS" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-08-22T17:29:33.310000", + "ID": "CVE-2017-1000088", + "REQUESTER": "ml@beckweb.net", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jenkins.io/security/advisory/2017-07-10/", - "refsource" : "CONFIRM", - "url" : "https://jenkins.io/security/advisory/2017-07-10/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Sidebar Link plugin allows users able to configure jobs, views, and agents to add entries to the sidebar of these objects. There was no input validation, which meant users were able to use javascript: schemes for these links." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2017-07-10/", + "refsource": "CONFIRM", + "url": "https://jenkins.io/security/advisory/2017-07-10/" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000392.json b/2017/1000xxx/CVE-2017-1000392.json index 1be16f4d9d9..958849455fe 100644 --- a/2017/1000xxx/CVE-2017-1000392.json +++ b/2017/1000xxx/CVE-2017-1000392.json @@ -1,74 +1,74 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-11-17", - "ID" : "CVE-2017-1000392", - "REQUESTER" : "ml@beckweb.net", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Jenkins", - "version" : { - "version_data" : [ - { - "version_value" : "2.88 and earlier; 2.73.2 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Jenkins" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Jenkins 2.88 and earlier; 2.73.2 and earlier Autocompletion suggestions for text fields were not escaped, resulting in a persisted cross-site scripting vulnerability if the source for the suggestions allowed specifying text that includes HTML metacharacters like less-than and greater-than characters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-11-17", + "ID": "CVE-2017-1000392", + "REQUESTER": "ml@beckweb.net", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jenkins.io/security/advisory/2017-11-08/", - "refsource" : "CONFIRM", - "url" : "https://jenkins.io/security/advisory/2017-11-08/" - }, - { - "name" : "101773", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101773" - }, - { - "name" : "102826", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102826" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Jenkins 2.88 and earlier; 2.73.2 and earlier Autocompletion suggestions for text fields were not escaped, resulting in a persisted cross-site scripting vulnerability if the source for the suggestions allowed specifying text that includes HTML metacharacters like less-than and greater-than characters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "102826", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102826" + }, + { + "name": "101773", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101773" + }, + { + "name": "https://jenkins.io/security/advisory/2017-11-08/", + "refsource": "CONFIRM", + "url": "https://jenkins.io/security/advisory/2017-11-08/" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16494.json b/2017/16xxx/CVE-2017-16494.json index cda93004748..4ba5e3b673c 100644 --- a/2017/16xxx/CVE-2017-16494.json +++ b/2017/16xxx/CVE-2017-16494.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16494", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-16494", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16765.json b/2017/16xxx/CVE-2017-16765.json index d71924ba712..58c085acab1 100644 --- a/2017/16xxx/CVE-2017-16765.json +++ b/2017/16xxx/CVE-2017-16765.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16765", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "XSS exists on D-Link DWR-933 1.00(WW)B17 devices via cgi-bin/gui.cgi." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16765", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://gist.github.com/shiham101/d8f98d4ce302c12576f39af2ad2448ca", - "refsource" : "MISC", - "url" : "https://gist.github.com/shiham101/d8f98d4ce302c12576f39af2ad2448ca" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "XSS exists on D-Link DWR-933 1.00(WW)B17 devices via cgi-bin/gui.cgi." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gist.github.com/shiham101/d8f98d4ce302c12576f39af2ad2448ca", + "refsource": "MISC", + "url": "https://gist.github.com/shiham101/d8f98d4ce302c12576f39af2ad2448ca" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16900.json b/2017/16xxx/CVE-2017-16900.json index 02a212d778d..18f20065d81 100644 --- a/2017/16xxx/CVE-2017-16900.json +++ b/2017/16xxx/CVE-2017-16900.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16900", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16900", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1299.json b/2017/1xxx/CVE-2017-1299.json index 0214a34a2d2..06682da20eb 100644 --- a/2017/1xxx/CVE-2017-1299.json +++ b/2017/1xxx/CVE-2017-1299.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2017-1299", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125161." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2017-1299", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www-prd-trops.events.ibm.com/node/715749", - "refsource" : "CONFIRM", - "url" : "https://www-prd-trops.events.ibm.com/node/715749" - }, - { - "name" : "ibm-rqm-cve20171299-xss(125161)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/125161" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125161." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-rqm-cve20171299-xss(125161)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125161" + }, + { + "name": "https://www-prd-trops.events.ibm.com/node/715749", + "refsource": "CONFIRM", + "url": "https://www-prd-trops.events.ibm.com/node/715749" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1332.json b/2017/1xxx/CVE-2017-1332.json index dadd294fa18..bf61d7a9f5f 100644 --- a/2017/1xxx/CVE-2017-1332.json +++ b/2017/1xxx/CVE-2017-1332.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2017-07-25T00:00:00", - "ID" : "CVE-2017-1332", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "iNotes", - "version" : { - "version_data" : [ - { - "version_value" : "9.0" - }, - { - "version_value" : "8.5.3" - }, - { - "version_value" : "8.5.2" - }, - { - "version_value" : "8.5.1" - }, - { - "version_value" : "8.5" - }, - { - "version_value" : "8.5.3.6" - }, - { - "version_value" : "9.0.1" - }, - { - "version_value" : "8.5.1.5" - }, - { - "version_value" : "8.5.2.4" - }, - { - "version_value" : "8.5.2.1" - }, - { - "version_value" : "8.5.3.1" - }, - { - "version_value" : "9.0.1.1" - }, - { - "version_value" : "8.5.1.1" - }, - { - "version_value" : "9.0.1.8" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126234." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2017-07-25T00:00:00", + "ID": "CVE-2017-1332", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "iNotes", + "version": { + "version_data": [ + { + "version_value": "9.0" + }, + { + "version_value": "8.5.3" + }, + { + "version_value": "8.5.2" + }, + { + "version_value": "8.5.1" + }, + { + "version_value": "8.5" + }, + { + "version_value": "8.5.3.6" + }, + { + "version_value": "9.0.1" + }, + { + "version_value": "8.5.1.5" + }, + { + "version_value": "8.5.2.4" + }, + { + "version_value": "8.5.2.1" + }, + { + "version_value": "8.5.3.1" + }, + { + "version_value": "9.0.1.1" + }, + { + "version_value": "8.5.1.1" + }, + { + "version_value": "9.0.1.8" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/126234", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/126234" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22005233", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22005233" - }, - { - "name" : "100028", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100028" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126234." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22005233", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22005233" + }, + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126234", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126234" + }, + { + "name": "100028", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100028" + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4370.json b/2017/4xxx/CVE-2017-4370.json index 9e2b5b9f9c8..2e63a175eb9 100644 --- a/2017/4xxx/CVE-2017-4370.json +++ b/2017/4xxx/CVE-2017-4370.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4370", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4370", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4497.json b/2017/4xxx/CVE-2017-4497.json index 6d472fe6b7e..ea99cf633d5 100644 --- a/2017/4xxx/CVE-2017-4497.json +++ b/2017/4xxx/CVE-2017-4497.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4497", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4497", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file