diff --git a/2006/2xxx/CVE-2006-2180.json b/2006/2xxx/CVE-2006-2180.json index 5b6549e4ed1..c731199f2ba 100644 --- a/2006/2xxx/CVE-2006-2180.json +++ b/2006/2xxx/CVE-2006-2180.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2180", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Golden FTP Server Pro 2.70 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via a long argument to the (1) NLST or (2) APPE commands, as demonstrated by the Infigo FTPStress Fuzzer." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2180", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060502 FTP Fuzzer", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=114658586018818&w=2" - }, - { - "name" : "20060508 INFIGO-2006-05-03: Multiple FTP Servers vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2006-05/0139.html" - }, - { - "name" : "http://www.infigo.hr/en/in_focus/tools", - "refsource" : "MISC", - "url" : "http://www.infigo.hr/en/in_focus/tools" - }, - { - "name" : "http://www.infigo.hr/hr/in_focus/advisories/INFIGO-2006-05-03", - "refsource" : "MISC", - "url" : "http://www.infigo.hr/hr/in_focus/advisories/INFIGO-2006-05-03" - }, - { - "name" : "17801", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17801" - }, - { - "name" : "ADV-2006-1640", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1640" - }, - { - "name" : "25217", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25217" - }, - { - "name" : "19917", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19917" - }, - { - "name" : "goldenftp-nlst-appe-bo(26195)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26195" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Golden FTP Server Pro 2.70 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via a long argument to the (1) NLST or (2) APPE commands, as demonstrated by the Infigo FTPStress Fuzzer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "goldenftp-nlst-appe-bo(26195)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26195" + }, + { + "name": "19917", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19917" + }, + { + "name": "http://www.infigo.hr/en/in_focus/tools", + "refsource": "MISC", + "url": "http://www.infigo.hr/en/in_focus/tools" + }, + { + "name": "25217", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25217" + }, + { + "name": "20060502 FTP Fuzzer", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=114658586018818&w=2" + }, + { + "name": "ADV-2006-1640", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1640" + }, + { + "name": "17801", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17801" + }, + { + "name": "http://www.infigo.hr/hr/in_focus/advisories/INFIGO-2006-05-03", + "refsource": "MISC", + "url": "http://www.infigo.hr/hr/in_focus/advisories/INFIGO-2006-05-03" + }, + { + "name": "20060508 INFIGO-2006-05-03: Multiple FTP Servers vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2006-05/0139.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2226.json b/2006/2xxx/CVE-2006-2226.json index d917d9874fc..00454534c4e 100644 --- a/2006/2xxx/CVE-2006-2226.json +++ b/2006/2xxx/CVE-2006-2226.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2226", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in XM Easy Personal FTP Server 4.2 and 5.0.1 allows remote authenticated users to cause a denial of service via a long argument to the PORT command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2226", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "1552", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/1552" - }, - { - "name" : "http://www.packetstormsecurity.org/0606-exploits/xmepftp.txt", - "refsource" : "MISC", - "url" : "http://www.packetstormsecurity.org/0606-exploits/xmepftp.txt" - }, - { - "name" : "18711", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18711" - }, - { - "name" : "19970", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19970" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in XM Easy Personal FTP Server 4.2 and 5.0.1 allows remote authenticated users to cause a denial of service via a long argument to the PORT command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1552", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/1552" + }, + { + "name": "http://www.packetstormsecurity.org/0606-exploits/xmepftp.txt", + "refsource": "MISC", + "url": "http://www.packetstormsecurity.org/0606-exploits/xmepftp.txt" + }, + { + "name": "19970", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19970" + }, + { + "name": "18711", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18711" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3059.json b/2006/3xxx/CVE-2006-3059.json index 3a12470aa45..9c346228667 100644 --- a/2006/3xxx/CVE-2006-3059.json +++ b/2006/3xxx/CVE-2006-3059.json @@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3059", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows remote user-assisted attackers to execute arbitrary code via unspecified vectors. NOTE: this is a different vulnerability than CVE-2006-3086." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3059", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060618 Microsoft Excel 0-day Vulnerability FAQ document written", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/437636/100/0/threaded" - }, - { - "name" : "20060621 Excel 0-day FAQ updated with Microsoft advisory information", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/437936/100/0/threaded" - }, - { - "name" : "http://blogs.securiteam.com/?p=451", - "refsource" : "MISC", - "url" : "http://blogs.securiteam.com/?p=451" - }, - { - "name" : "http://blogs.technet.com/msrc/archive/2006/06/16/436174.aspx", - "refsource" : "CONFIRM", - "url" : "http://blogs.technet.com/msrc/archive/2006/06/16/436174.aspx" - }, - { - "name" : "MS06-037", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-037" - }, - { - "name" : "TA06-167A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-167A.html" - }, - { - "name" : "http://isc.sans.org/diary.php?storyid=1420", - "refsource" : "MISC", - "url" : "http://isc.sans.org/diary.php?storyid=1420" - }, - { - "name" : "TA06-192A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-192A.html" - }, - { - "name" : "VU#802324", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/802324" - }, - { - "name" : "18422", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18422" - }, - { - "name" : "ADV-2006-2361", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2361" - }, - { - "name" : "ADV-2006-2755", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2755" - }, - { - "name" : "26527", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26527" - }, - { - "name" : "oval:org.mitre.oval:def:537", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A537" - }, - { - "name" : "1016316", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016316" - }, - { - "name" : "20686", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20686" - }, - { - "name" : "excel-unspecified-code-execution(27179)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27179" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows remote user-assisted attackers to execute arbitrary code via unspecified vectors. NOTE: this is a different vulnerability than CVE-2006-3086." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#802324", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/802324" + }, + { + "name": "20060618 Microsoft Excel 0-day Vulnerability FAQ document written", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/437636/100/0/threaded" + }, + { + "name": "MS06-037", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-037" + }, + { + "name": "oval:org.mitre.oval:def:537", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A537" + }, + { + "name": "excel-unspecified-code-execution(27179)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27179" + }, + { + "name": "http://blogs.securiteam.com/?p=451", + "refsource": "MISC", + "url": "http://blogs.securiteam.com/?p=451" + }, + { + "name": "26527", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26527" + }, + { + "name": "20686", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20686" + }, + { + "name": "TA06-167A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-167A.html" + }, + { + "name": "http://isc.sans.org/diary.php?storyid=1420", + "refsource": "MISC", + "url": "http://isc.sans.org/diary.php?storyid=1420" + }, + { + "name": "1016316", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016316" + }, + { + "name": "http://blogs.technet.com/msrc/archive/2006/06/16/436174.aspx", + "refsource": "CONFIRM", + "url": "http://blogs.technet.com/msrc/archive/2006/06/16/436174.aspx" + }, + { + "name": "ADV-2006-2755", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2755" + }, + { + "name": "18422", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18422" + }, + { + "name": "20060621 Excel 0-day FAQ updated with Microsoft advisory information", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/437936/100/0/threaded" + }, + { + "name": "TA06-192A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-192A.html" + }, + { + "name": "ADV-2006-2361", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2361" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3328.json b/2006/3xxx/CVE-2006-3328.json index a08786a0e60..082aa8ac325 100644 --- a/2006/3xxx/CVE-2006-3328.json +++ b/2006/3xxx/CVE-2006-3328.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3328", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "new_ticket.cgi in Hostflow 2.2.1-15 allows remote attackers to steal and replay authentication credentials via an IMG tag in the desc parameter (\"Ticket Description\" field) that points to a URL that captures referer URLs, possibly due to a cross-site scripting (XSS) vulnerability or a leak of credentials in referer URLs." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3328", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2006/06/hostflow-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2006/06/hostflow-vuln.html" - }, - { - "name" : "18695", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18695" - }, - { - "name" : "ADV-2006-2570", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2570" - }, - { - "name" : "26872", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26872" - }, - { - "name" : "20863", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20863" - }, - { - "name" : "hostflow-ticketdescription-xss(27426)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27426" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "new_ticket.cgi in Hostflow 2.2.1-15 allows remote attackers to steal and replay authentication credentials via an IMG tag in the desc parameter (\"Ticket Description\" field) that points to a URL that captures referer URLs, possibly due to a cross-site scripting (XSS) vulnerability or a leak of credentials in referer URLs." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://pridels0.blogspot.com/2006/06/hostflow-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2006/06/hostflow-vuln.html" + }, + { + "name": "26872", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26872" + }, + { + "name": "ADV-2006-2570", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2570" + }, + { + "name": "18695", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18695" + }, + { + "name": "hostflow-ticketdescription-xss(27426)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27426" + }, + { + "name": "20863", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20863" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3456.json b/2006/3xxx/CVE-2006-3456.json index 8c0e7f2638d..97c4c4021c8 100644 --- a/2006/3xxx/CVE-2006-3456.json +++ b/2006/3xxx/CVE-2006-3456.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3456", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Symantec NAVOPTS.DLL ActiveX control (aka Symantec.Norton.AntiVirus.NAVOptions) 12.2.0.13, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, is designed for use only in application-embedded web browsers, which allows remote attackers to \"crash the control\" via unspecified vectors related to content on a web site, and place Internet Explorer into a \"defunct state\" in which remote attackers can execute arbitrary code in addition to other Symantec ActiveX controls, regardless of whether they are marked safe for scripting. NOTE: this CVE was inadvertently used for an E-mail Auto-Protect issue, but that issue has been assigned CVE-2007-3771." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3456", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070509 Symantec Norton Internet Security 2006 COM Object Security ByPass Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=529" - }, - { - "name" : "http://www.symantec.com/avcenter/security/Content/2007.05.09.html", - "refsource" : "CONFIRM", - "url" : "http://www.symantec.com/avcenter/security/Content/2007.05.09.html" - }, - { - "name" : "23822", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/23822" - }, - { - "name" : "35075", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35075" - }, - { - "name" : "ADV-2007-1751", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1751" - }, - { - "name" : "1018031", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018031" - }, - { - "name" : "25172", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25172" - }, - { - "name" : "symantec-navopts-security-bypass(34200)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/34200" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Symantec NAVOPTS.DLL ActiveX control (aka Symantec.Norton.AntiVirus.NAVOptions) 12.2.0.13, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, is designed for use only in application-embedded web browsers, which allows remote attackers to \"crash the control\" via unspecified vectors related to content on a web site, and place Internet Explorer into a \"defunct state\" in which remote attackers can execute arbitrary code in addition to other Symantec ActiveX controls, regardless of whether they are marked safe for scripting. NOTE: this CVE was inadvertently used for an E-mail Auto-Protect issue, but that issue has been assigned CVE-2007-3771." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.symantec.com/avcenter/security/Content/2007.05.09.html", + "refsource": "CONFIRM", + "url": "http://www.symantec.com/avcenter/security/Content/2007.05.09.html" + }, + { + "name": "ADV-2007-1751", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1751" + }, + { + "name": "23822", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/23822" + }, + { + "name": "25172", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25172" + }, + { + "name": "20070509 Symantec Norton Internet Security 2006 COM Object Security ByPass Vulnerability", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=529" + }, + { + "name": "35075", + "refsource": "OSVDB", + "url": "http://osvdb.org/35075" + }, + { + "name": "1018031", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018031" + }, + { + "name": "symantec-navopts-security-bypass(34200)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34200" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3988.json b/2006/3xxx/CVE-2006-3988.json index 710ea83275e..5831585d8b9 100644 --- a/2006/3xxx/CVE-2006-3988.json +++ b/2006/3xxx/CVE-2006-3988.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3988", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in index.php in Knusperleicht newsReporter 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the news_include_path parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3988", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060801 [Kurdish Security # 16 ] newsReporter v1.0 Remote Command Execution", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/441808/100/0/threaded" - }, - { - "name" : "2101", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2101" - }, - { - "name" : "19275", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19275" - }, - { - "name" : "ADV-2006-3092", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3092" - }, - { - "name" : "21312", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21312" - }, - { - "name" : "1326", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1326" - }, - { - "name" : "newsreporter-index-file-include(28095)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28095" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in index.php in Knusperleicht newsReporter 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the news_include_path parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-3092", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3092" + }, + { + "name": "19275", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19275" + }, + { + "name": "21312", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21312" + }, + { + "name": "20060801 [Kurdish Security # 16 ] newsReporter v1.0 Remote Command Execution", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/441808/100/0/threaded" + }, + { + "name": "1326", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1326" + }, + { + "name": "2101", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2101" + }, + { + "name": "newsreporter-index-file-include(28095)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28095" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4069.json b/2006/4xxx/CVE-2006-4069.json index eab3bfc6af7..3eb8da13198 100644 --- a/2006/4xxx/CVE-2006-4069.json +++ b/2006/4xxx/CVE-2006-4069.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4069", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Elaine Aquino Online Zone Journals (OZJournals) 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) m and (2) c parameters in index.php, (3) a search action, and (4) a \"submit comment\" action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4069", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060802 OZJournal v1.5 - XSS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/442035/100/200/threaded" - }, - { - "name" : "http://www.youfucktard.com/blog/2006/08/02/ozjournal-v15-xss/", - "refsource" : "MISC", - "url" : "http://www.youfucktard.com/blog/2006/08/02/ozjournal-v15-xss/" - }, - { - "name" : "19311", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19311" - }, - { - "name" : "ADV-2006-3142", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3142" - }, - { - "name" : "21311", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21311" - }, - { - "name" : "ozjournals-index-archive-xss(28188)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28188" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Elaine Aquino Online Zone Journals (OZJournals) 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) m and (2) c parameters in index.php, (3) a search action, and (4) a \"submit comment\" action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19311", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19311" + }, + { + "name": "20060802 OZJournal v1.5 - XSS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/442035/100/200/threaded" + }, + { + "name": "ozjournals-index-archive-xss(28188)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28188" + }, + { + "name": "ADV-2006-3142", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3142" + }, + { + "name": "http://www.youfucktard.com/blog/2006/08/02/ozjournal-v15-xss/", + "refsource": "MISC", + "url": "http://www.youfucktard.com/blog/2006/08/02/ozjournal-v15-xss/" + }, + { + "name": "21311", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21311" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4305.json b/2006/4xxx/CVE-2006-4305.json index dd004a4f26f..fc66616a7cf 100644 --- a/2006/4xxx/CVE-2006-4305.json +++ b/2006/4xxx/CVE-2006-4305.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4305", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in SAP DB and MaxDB before 7.6.00.30 allows remote attackers to execute arbitrary code via a long database name when connecting via a WebDBM client." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4305", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060828 SYMSA-2006-009", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/444601/100/0/threaded" - }, - { - "name" : "http://www.symantec.com/enterprise/research/SYMSA-2006-009.txt", - "refsource" : "MISC", - "url" : "http://www.symantec.com/enterprise/research/SYMSA-2006-009.txt" - }, - { - "name" : "http://dev.mysql.com/doc/maxdb/changes/changes_7.6.00.32.html", - "refsource" : "CONFIRM", - "url" : "http://dev.mysql.com/doc/maxdb/changes/changes_7.6.00.32.html" - }, - { - "name" : "DSA-1190", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1190" - }, - { - "name" : "19660", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19660" - }, - { - "name" : "ADV-2006-3410", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3410" - }, - { - "name" : "1016766", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016766" - }, - { - "name" : "21677", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21677" - }, - { - "name" : "22518", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22518" - }, - { - "name" : "maxdb-webdbm-bo(28636)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28636" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in SAP DB and MaxDB before 7.6.00.30 allows remote attackers to execute arbitrary code via a long database name when connecting via a WebDBM client." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "maxdb-webdbm-bo(28636)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28636" + }, + { + "name": "http://www.symantec.com/enterprise/research/SYMSA-2006-009.txt", + "refsource": "MISC", + "url": "http://www.symantec.com/enterprise/research/SYMSA-2006-009.txt" + }, + { + "name": "DSA-1190", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1190" + }, + { + "name": "20060828 SYMSA-2006-009", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/444601/100/0/threaded" + }, + { + "name": "21677", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21677" + }, + { + "name": "22518", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22518" + }, + { + "name": "http://dev.mysql.com/doc/maxdb/changes/changes_7.6.00.32.html", + "refsource": "CONFIRM", + "url": "http://dev.mysql.com/doc/maxdb/changes/changes_7.6.00.32.html" + }, + { + "name": "1016766", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016766" + }, + { + "name": "ADV-2006-3410", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3410" + }, + { + "name": "19660", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19660" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4559.json b/2006/4xxx/CVE-2006-4559.json index de74040b73f..b9b54b7a444 100644 --- a/2006/4xxx/CVE-2006-4559.json +++ b/2006/4xxx/CVE-2006-4559.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4559", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in Yet Another Community System (YACS) CMS 6.6.1 allow remote attackers to execute arbitrary PHP code via a URL in the context[path_to_root] parameter in (1) articles/populate.php, (2) categories/category.php, (3) categories/populate.php, (4) comments/populate.php, (5) files/file.php, (6) sections/section.php, (7) sections/populate.php, (8) tables/populate.php, (9) users/user.php, and (10) users/populate.php. The articles/article.php vector is covered by CVE-2006-4532." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4559", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.yetanothercommunitysystem.com/yacs/articles/view.php/1664", - "refsource" : "CONFIRM", - "url" : "http://www.yetanothercommunitysystem.com/yacs/articles/view.php/1664" - }, - { - "name" : "31301", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/31301" - }, - { - "name" : "31302", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/31302" - }, - { - "name" : "31303", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/31303" - }, - { - "name" : "31304", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/31304" - }, - { - "name" : "31305", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/31305" - }, - { - "name" : "31306", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/31306" - }, - { - "name" : "31307", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/31307" - }, - { - "name" : "31308", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/31308" - }, - { - "name" : "31309", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/31309" - }, - { - "name" : "31310", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/31310" - }, - { - "name" : "21680", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21680" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in Yet Another Community System (YACS) CMS 6.6.1 allow remote attackers to execute arbitrary PHP code via a URL in the context[path_to_root] parameter in (1) articles/populate.php, (2) categories/category.php, (3) categories/populate.php, (4) comments/populate.php, (5) files/file.php, (6) sections/section.php, (7) sections/populate.php, (8) tables/populate.php, (9) users/user.php, and (10) users/populate.php. The articles/article.php vector is covered by CVE-2006-4532." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31303", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/31303" + }, + { + "name": "31304", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/31304" + }, + { + "name": "31305", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/31305" + }, + { + "name": "31310", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/31310" + }, + { + "name": "31306", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/31306" + }, + { + "name": "31302", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/31302" + }, + { + "name": "31301", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/31301" + }, + { + "name": "31307", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/31307" + }, + { + "name": "http://www.yetanothercommunitysystem.com/yacs/articles/view.php/1664", + "refsource": "CONFIRM", + "url": "http://www.yetanothercommunitysystem.com/yacs/articles/view.php/1664" + }, + { + "name": "31308", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/31308" + }, + { + "name": "31309", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/31309" + }, + { + "name": "21680", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21680" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6040.json b/2006/6xxx/CVE-2006-6040.json index ad957d51498..e18f4306cce 100644 --- a/2006/6xxx/CVE-2006-6040.json +++ b/2006/6xxx/CVE-2006-6040.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6040", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in admincp/index.php in Jelsoft vBulletin 3.6.x allow remote attackers to inject arbitrary web script or HTML via (1) the prefs parameter in a buildnavprefs action or (2) the navprefs parameter in a savenavprefs action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6040", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061117 XSS vBulletin 3.6.X Admin Control Painel", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/451959/100/0/threaded" - }, - { - "name" : "http://www.vbulletin.com/forum/showthread.php?postid=1256434", - "refsource" : "CONFIRM", - "url" : "http://www.vbulletin.com/forum/showthread.php?postid=1256434" - }, - { - "name" : "21157", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21157" - }, - { - "name" : "ADV-2006-4599", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4599" - }, - { - "name" : "23011", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23011" - }, - { - "name" : "1903", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1903" - }, - { - "name" : "vbulletin-index-admin-control-xss(30408)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30408" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in admincp/index.php in Jelsoft vBulletin 3.6.x allow remote attackers to inject arbitrary web script or HTML via (1) the prefs parameter in a buildnavprefs action or (2) the navprefs parameter in a savenavprefs action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.vbulletin.com/forum/showthread.php?postid=1256434", + "refsource": "CONFIRM", + "url": "http://www.vbulletin.com/forum/showthread.php?postid=1256434" + }, + { + "name": "23011", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23011" + }, + { + "name": "21157", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21157" + }, + { + "name": "vbulletin-index-admin-control-xss(30408)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30408" + }, + { + "name": "ADV-2006-4599", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4599" + }, + { + "name": "1903", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1903" + }, + { + "name": "20061117 XSS vBulletin 3.6.X Admin Control Painel", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/451959/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6523.json b/2006/6xxx/CVE-2006-6523.json index a138a46cfc3..33054e34e02 100644 --- a/2006/6xxx/CVE-2006-6523.json +++ b/2006/6xxx/CVE-2006-6523.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6523", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in mail/manage.html in BoxTrapper in cPanel 11 allows remote attackers to inject arbitrary web script or HTML via the account parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6523", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061208 [Aria-Security Team] cPanel BoxTrapper Cross Site Scripting", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/453888/100/0/threaded" - }, - { - "name" : "http://www.aria-security.com/forum/showthread.php?t=67", - "refsource" : "MISC", - "url" : "http://www.aria-security.com/forum/showthread.php?t=67" - }, - { - "name" : "21497", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21497" - }, - { - "name" : "23302", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23302" - }, - { - "name" : "2028", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2028" - }, - { - "name" : "cpanel-boxtrapper-manage-xss(30788)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30788" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in mail/manage.html in BoxTrapper in cPanel 11 allows remote attackers to inject arbitrary web script or HTML via the account parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "23302", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23302" + }, + { + "name": "http://www.aria-security.com/forum/showthread.php?t=67", + "refsource": "MISC", + "url": "http://www.aria-security.com/forum/showthread.php?t=67" + }, + { + "name": "20061208 [Aria-Security Team] cPanel BoxTrapper Cross Site Scripting", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/453888/100/0/threaded" + }, + { + "name": "21497", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21497" + }, + { + "name": "2028", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2028" + }, + { + "name": "cpanel-boxtrapper-manage-xss(30788)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30788" + } + ] + } +} \ No newline at end of file diff --git a/2006/7xxx/CVE-2006-7075.json b/2006/7xxx/CVE-2006-7075.json index 890ab0d2fa1..98b1a77990e 100644 --- a/2006/7xxx/CVE-2006-7075.json +++ b/2006/7xxx/CVE-2006-7075.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-7075", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the meta_read_flac function in meta_decoder.c for Aqualung 0.9beta5 and earlier, and CVS 0.193.2 and earlier, allows user-assisted attackers to execute arbitrary code via a long Vorbis comment in a Free Lossless Audio Codec (FLAC) file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-7075", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://aluigi.altervista.org/adv/aquabof-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/aquabof-adv.txt" - }, - { - "name" : "aqualung-metareadflac-bo(28310)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28310" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the meta_read_flac function in meta_decoder.c for Aqualung 0.9beta5 and earlier, and CVS 0.193.2 and earlier, allows user-assisted attackers to execute arbitrary code via a long Vorbis comment in a Free Lossless Audio Codec (FLAC) file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://aluigi.altervista.org/adv/aquabof-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/aquabof-adv.txt" + }, + { + "name": "aqualung-metareadflac-bo(28310)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28310" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2522.json b/2010/2xxx/CVE-2010-2522.json index 03d0740d296..ae140d0bb21 100644 --- a/2010/2xxx/CVE-2010-2522.json +++ b/2010/2xxx/CVE-2010-2522.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2522", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mipv6 daemon in UMIP 0.4 does not verify that netlink messages originated in the kernel, which allows local users to spoof netlink socket communication via a crafted unicast message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-2522", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20100706 patch for remote buffer overflows and local message spoofing in mipv6 daemon", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/07/06/5" - }, - { - "name" : "[oss-security] 20100707 Re: patch for remote buffer overflows and local message spoofing in mipv6 daemon", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/07/07/4" - }, - { - "name" : "[oss-security] 20100707 Re: patch for remote buffer overflows and local message spoofing in mipv6 daemon", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=127850299910685&w=2" - }, - { - "name" : "[oss-security] 20100708 Re: patch for remote buffer overflows and local message spoofing in mipv6 daemon", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/07/09/1" - }, - { - "name" : "[oss-security] 20100708 Re: patch for remote buffer overflows and local message spoofing in mipv6 daemon", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=127859390815405&w=2" - }, - { - "name" : "SUSE-SR:2010:019", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html" - }, - { - "name" : "41524", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/41524" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mipv6 daemon in UMIP 0.4 does not verify that netlink messages originated in the kernel, which allows local users to spoof netlink socket communication via a crafted unicast message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20100707 Re: patch for remote buffer overflows and local message spoofing in mipv6 daemon", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/07/07/4" + }, + { + "name": "[oss-security] 20100706 patch for remote buffer overflows and local message spoofing in mipv6 daemon", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/07/06/5" + }, + { + "name": "[oss-security] 20100708 Re: patch for remote buffer overflows and local message spoofing in mipv6 daemon", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/07/09/1" + }, + { + "name": "[oss-security] 20100707 Re: patch for remote buffer overflows and local message spoofing in mipv6 daemon", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=127850299910685&w=2" + }, + { + "name": "[oss-security] 20100708 Re: patch for remote buffer overflows and local message spoofing in mipv6 daemon", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=127859390815405&w=2" + }, + { + "name": "SUSE-SR:2010:019", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html" + }, + { + "name": "41524", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/41524" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0106.json b/2011/0xxx/CVE-2011-0106.json index 12b90b6d768..eb257c35381 100644 --- a/2011/0xxx/CVE-2011-0106.json +++ b/2011/0xxx/CVE-2011-0106.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0106", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2011-0106", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0181.json b/2011/0xxx/CVE-2011-0181.json index c786bbfb2a4..8b82753d057 100644 --- a/2011/0xxx/CVE-2011-0181.json +++ b/2011/0xxx/CVE-2011-0181.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0181", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in ImageIO in Apple Mac OS X before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted XBM image." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2011-0181", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4581", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4581" - }, - { - "name" : "APPLE-SA-2011-03-21-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in ImageIO in Apple Mac OS X before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted XBM image." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2011-03-21-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html" + }, + { + "name": "http://support.apple.com/kb/HT4581", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4581" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0909.json b/2011/0xxx/CVE-2011-0909.json index c625a37fcec..0009b209012 100644 --- a/2011/0xxx/CVE-2011-0909.json +++ b/2011/0xxx/CVE-2011-0909.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0909", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Vanilla Forums before 2.0.17.6 allows remote attackers to inject arbitrary web script or HTML via the p parameter to an unspecified component, a different vulnerability than CVE-2011-0526." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0909", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.vanillaforums.org/discussion/comment/134729/#Comment_134729", - "refsource" : "CONFIRM", - "url" : "http://www.vanillaforums.org/discussion/comment/134729/#Comment_134729" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Vanilla Forums before 2.0.17.6 allows remote attackers to inject arbitrary web script or HTML via the p parameter to an unspecified component, a different vulnerability than CVE-2011-0526." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.vanillaforums.org/discussion/comment/134729/#Comment_134729", + "refsource": "CONFIRM", + "url": "http://www.vanillaforums.org/discussion/comment/134729/#Comment_134729" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1021.json b/2011/1xxx/CVE-2011-1021.json index a1c2073d27e..b55ed7e4206 100644 --- a/2011/1xxx/CVE-2011-1021.json +++ b/2011/1xxx/CVE-2011-1021.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1021", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "drivers/acpi/debugfs.c in the Linux kernel before 3.0 allows local users to modify arbitrary kernel memory locations by leveraging root privileges to write to the /sys/kernel/debug/acpi/custom_method file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-4347." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-1021", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110225 Re: CVE request: kernel: /sys/kernel/debug/acpi/custom_method can bypass module restrictions", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/02/25/5" - }, - { - "name" : "http://ftp.osuosl.org/pub/linux/kernel/v3.0/ChangeLog-3.0", - "refsource" : "CONFIRM", - "url" : "http://ftp.osuosl.org/pub/linux/kernel/v3.0/ChangeLog-3.0" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=526b4af47f44148c9d665e57723ed9f86634c6e3", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=526b4af47f44148c9d665e57723ed9f86634c6e3" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=680841", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=680841" - }, - { - "name" : "https://github.com/torvalds/linux/commit/526b4af47f44148c9d665e57723ed9f86634c6e3", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/526b4af47f44148c9d665e57723ed9f86634c6e3" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "drivers/acpi/debugfs.c in the Linux kernel before 3.0 allows local users to modify arbitrary kernel memory locations by leveraging root privileges to write to the /sys/kernel/debug/acpi/custom_method file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-4347." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20110225 Re: CVE request: kernel: /sys/kernel/debug/acpi/custom_method can bypass module restrictions", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/02/25/5" + }, + { + "name": "https://github.com/torvalds/linux/commit/526b4af47f44148c9d665e57723ed9f86634c6e3", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/526b4af47f44148c9d665e57723ed9f86634c6e3" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=526b4af47f44148c9d665e57723ed9f86634c6e3", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=526b4af47f44148c9d665e57723ed9f86634c6e3" + }, + { + "name": "http://ftp.osuosl.org/pub/linux/kernel/v3.0/ChangeLog-3.0", + "refsource": "CONFIRM", + "url": "http://ftp.osuosl.org/pub/linux/kernel/v3.0/ChangeLog-3.0" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=680841", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=680841" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1194.json b/2011/1xxx/CVE-2011-1194.json index 3a49544ed31..1d10016d7d1 100644 --- a/2011/1xxx/CVE-2011-1194.json +++ b/2011/1xxx/CVE-2011-1194.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1194", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in Google Chrome before 10.0.648.127 allow remote attackers to bypass the pop-up blocker via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1194", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=70885", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=70885" - }, - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=71167", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=71167" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html" - }, - { - "name" : "46785", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46785" - }, - { - "name" : "oval:org.mitre.oval:def:14461", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14461" - }, - { - "name" : "ADV-2011-0628", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0628" - }, - { - "name" : "google-popup-sec-bypass(65958)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65958" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in Google Chrome before 10.0.648.127 allow remote attackers to bypass the pop-up blocker via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "46785", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46785" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=71167", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=71167" + }, + { + "name": "oval:org.mitre.oval:def:14461", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14461" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=70885", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=70885" + }, + { + "name": "http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html" + }, + { + "name": "google-popup-sec-bypass(65958)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65958" + }, + { + "name": "ADV-2011-0628", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0628" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1305.json b/2011/1xxx/CVE-2011-1305.json index 002d9e866a0..3f24faf0f51 100644 --- a/2011/1xxx/CVE-2011-1305.json +++ b/2011/1xxx/CVE-2011-1305.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1305", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in Google Chrome before 11.0.696.57 on Linux and Mac OS X allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to linked lists and a database." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1305", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=70589", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=70589" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html" - }, - { - "name" : "oval:org.mitre.oval:def:14305", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14305" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in Google Chrome before 11.0.696.57 on Linux and Mac OS X allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to linked lists and a database." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:14305", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14305" + }, + { + "name": "http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=70589", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=70589" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1777.json b/2011/1xxx/CVE-2011-1777.json index dca2750173f..a47504b4843 100644 --- a/2011/1xxx/CVE-2011-1777.json +++ b/2011/1xxx/CVE-2011-1777.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1777", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in the (1) heap_add_entry and (2) relocate_dir functions in archive_read_support_format_iso9660.c in libarchive through 2.8.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ISO9660 image." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-1777", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/libarchive/source/detail?r=3158", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/libarchive/source/detail?r=3158" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=705849", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=705849" - }, - { - "name" : "http://support.apple.com/kb/HT5281", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5281" - }, - { - "name" : "APPLE-SA-2012-05-09-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html" - }, - { - "name" : "DSA-2413", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2413" - }, - { - "name" : "RHSA-2011:1507", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2011-1507.html" - }, - { - "name" : "48034", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48034" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in the (1) heap_add_entry and (2) relocate_dir functions in archive_read_support_format_iso9660.c in libarchive through 2.8.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ISO9660 image." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "48034", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48034" + }, + { + "name": "RHSA-2011:1507", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2011-1507.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=705849", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=705849" + }, + { + "name": "http://code.google.com/p/libarchive/source/detail?r=3158", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/libarchive/source/detail?r=3158" + }, + { + "name": "DSA-2413", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2413" + }, + { + "name": "http://support.apple.com/kb/HT5281", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5281" + }, + { + "name": "APPLE-SA-2012-05-09-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4150.json b/2011/4xxx/CVE-2011-4150.json index 76ada65b0d7..685c8f9e620 100644 --- a/2011/4xxx/CVE-2011-4150.json +++ b/2011/4xxx/CVE-2011-4150.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4150", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2011-4150", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4191.json b/2011/4xxx/CVE-2011-4191.json index c6cd67dbc37..193cf2e19e2 100644 --- a/2011/4xxx/CVE-2011-4191.json +++ b/2011/4xxx/CVE-2011-4191.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4191", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the xdrDecodeString function in XNFS.NLM in Novell NetWare 6.5 SP8 allows remote attackers to execute arbitrary code or cause a denial of service (abend or NFS outage) via long packets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4191", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://download.novell.com/Download?buildid=Cfw1tDezgbw~", - "refsource" : "CONFIRM", - "url" : "http://download.novell.com/Download?buildid=Cfw1tDezgbw~" - }, - { - "name" : "https://bugzilla.novell.com/show_bug.cgi?id=671020", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.novell.com/show_bug.cgi?id=671020" - }, - { - "name" : "https://bugzilla.novell.com/show_bug.cgi?id=702491", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.novell.com/show_bug.cgi?id=702491" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the xdrDecodeString function in XNFS.NLM in Novell NetWare 6.5 SP8 allows remote attackers to execute arbitrary code or cause a denial of service (abend or NFS outage) via long packets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.novell.com/show_bug.cgi?id=671020", + "refsource": "CONFIRM", + "url": "https://bugzilla.novell.com/show_bug.cgi?id=671020" + }, + { + "name": "https://bugzilla.novell.com/show_bug.cgi?id=702491", + "refsource": "CONFIRM", + "url": "https://bugzilla.novell.com/show_bug.cgi?id=702491" + }, + { + "name": "http://download.novell.com/Download?buildid=Cfw1tDezgbw~", + "refsource": "CONFIRM", + "url": "http://download.novell.com/Download?buildid=Cfw1tDezgbw~" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4247.json b/2011/4xxx/CVE-2011-4247.json index 8cb9ab7e2de..8e918247a35 100644 --- a/2011/4xxx/CVE-2011-4247.json +++ b/2011/4xxx/CVE-2011-4247.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4247", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted QCELP stream." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4247", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://service.real.com/realplayer/security/11182011_player/en/", - "refsource" : "CONFIRM", - "url" : "http://service.real.com/realplayer/security/11182011_player/en/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted QCELP stream." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://service.real.com/realplayer/security/11182011_player/en/", + "refsource": "CONFIRM", + "url": "http://service.real.com/realplayer/security/11182011_player/en/" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4429.json b/2011/4xxx/CVE-2011-4429.json index b6a35a82ba8..0e9fc0081c7 100644 --- a/2011/4xxx/CVE-2011-4429.json +++ b/2011/4xxx/CVE-2011-4429.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4429", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2011-4429", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4437.json b/2011/4xxx/CVE-2011-4437.json index be5e7ae28ff..6065c3f6708 100644 --- a/2011/4xxx/CVE-2011-4437.json +++ b/2011/4xxx/CVE-2011-4437.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4437", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4437", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4585.json b/2011/4xxx/CVE-2011-4585.json index 787fdf7c0e4..927036f7952 100644 --- a/2011/4xxx/CVE-2011-4585.json +++ b/2011/4xxx/CVE-2011-4585.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4585", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "login/change_password.php in Moodle 1.9.x before 1.9.15 does not use https for the change-password form even if the httpslogin option is enabled, which allows remote attackers to obtain credentials by sniffing the network." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-4585", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.moodle.org/gw?p=moodle.git;a=commit;h=01dd64a8c8aa95f793accea371b2392e662663c5", - "refsource" : "CONFIRM", - "url" : "http://git.moodle.org/gw?p=moodle.git;a=commit;h=01dd64a8c8aa95f793accea371b2392e662663c5" - }, - { - "name" : "http://moodle.org/mod/forum/discuss.php?d=191752", - "refsource" : "CONFIRM", - "url" : "http://moodle.org/mod/forum/discuss.php?d=191752" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=761248", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=761248" - }, - { - "name" : "DSA-2421", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2421" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "login/change_password.php in Moodle 1.9.x before 1.9.15 does not use https for the change-password form even if the httpslogin option is enabled, which allows remote attackers to obtain credentials by sniffing the network." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=761248", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=761248" + }, + { + "name": "DSA-2421", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2421" + }, + { + "name": "http://moodle.org/mod/forum/discuss.php?d=191752", + "refsource": "CONFIRM", + "url": "http://moodle.org/mod/forum/discuss.php?d=191752" + }, + { + "name": "http://git.moodle.org/gw?p=moodle.git;a=commit;h=01dd64a8c8aa95f793accea371b2392e662663c5", + "refsource": "CONFIRM", + "url": "http://git.moodle.org/gw?p=moodle.git;a=commit;h=01dd64a8c8aa95f793accea371b2392e662663c5" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4923.json b/2011/4xxx/CVE-2011-4923.json index ce8913caf8d..bffeadc54f8 100644 --- a/2011/4xxx/CVE-2011-4923.json +++ b/2011/4xxx/CVE-2011-4923.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4923", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in View.pm in BackupPC 3.0.0, 3.1.0, 3.2.0, 3.2.1, and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the num parameter in a view action to index.cgi, related to the log file viewer, a different vulnerability than CVE-2011-3361." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-4923", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20111027 CVE Request: Security issue in backuppc", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/10/27/8" - }, - { - "name" : "[oss-security] 20120104 Re: CVE Request: Security issue in backuppc", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/01/04/15" - }, - { - "name" : "USN-1249-1", - "refsource" : "UBUNTU", - "url" : "http://ubuntu.com/usn/usn-1249-1" - }, - { - "name" : "50406", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/50406" - }, - { - "name" : "46615", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46615" - }, - { - "name" : "backuppc-num-xss(71030)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71030" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in View.pm in BackupPC 3.0.0, 3.1.0, 3.2.0, 3.2.1, and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the num parameter in a view action to index.cgi, related to the log file viewer, a different vulnerability than CVE-2011-3361." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20111027 CVE Request: Security issue in backuppc", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/10/27/8" + }, + { + "name": "backuppc-num-xss(71030)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71030" + }, + { + "name": "[oss-security] 20120104 Re: CVE Request: Security issue in backuppc", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/01/04/15" + }, + { + "name": "USN-1249-1", + "refsource": "UBUNTU", + "url": "http://ubuntu.com/usn/usn-1249-1" + }, + { + "name": "50406", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/50406" + }, + { + "name": "46615", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46615" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5226.json b/2011/5xxx/CVE-2011-5226.json index 94d37acca9d..b18c9951e7b 100644 --- a/2011/5xxx/CVE-2011-5226.json +++ b/2011/5xxx/CVE-2011-5226.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5226", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in wordpress_sentinel.php in the Sentinel plugin 1.0.0 for WordPress allows remote attackers to hijack the authentication of an administrator for requests that trigger snapshots." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5226", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.boiteaweb.fr/wordpress-sentinel-v1-0-0-3104.html", - "refsource" : "MISC", - "url" : "http://www.boiteaweb.fr/wordpress-sentinel-v1-0-0-3104.html" - }, - { - "name" : "http://plugins.trac.wordpress.org/changeset?reponame=&new=475315@wordpress-sentinel&old=474998@wordpress-sentinel", - "refsource" : "CONFIRM", - "url" : "http://plugins.trac.wordpress.org/changeset?reponame=&new=475315@wordpress-sentinel&old=474998@wordpress-sentinel" - }, - { - "name" : "http://wordpress.org/extend/plugins/wordpress-sentinel/changelog/", - "refsource" : "CONFIRM", - "url" : "http://wordpress.org/extend/plugins/wordpress-sentinel/changelog/" - }, - { - "name" : "51089", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51089" - }, - { - "name" : "77778", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/77778" - }, - { - "name" : "47020", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47020" - }, - { - "name" : "sentinel-unspecified-csrf(71857)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71857" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in wordpress_sentinel.php in the Sentinel plugin 1.0.0 for WordPress allows remote attackers to hijack the authentication of an administrator for requests that trigger snapshots." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "51089", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51089" + }, + { + "name": "http://wordpress.org/extend/plugins/wordpress-sentinel/changelog/", + "refsource": "CONFIRM", + "url": "http://wordpress.org/extend/plugins/wordpress-sentinel/changelog/" + }, + { + "name": "77778", + "refsource": "OSVDB", + "url": "http://osvdb.org/77778" + }, + { + "name": "sentinel-unspecified-csrf(71857)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71857" + }, + { + "name": "http://www.boiteaweb.fr/wordpress-sentinel-v1-0-0-3104.html", + "refsource": "MISC", + "url": "http://www.boiteaweb.fr/wordpress-sentinel-v1-0-0-3104.html" + }, + { + "name": "http://plugins.trac.wordpress.org/changeset?reponame=&new=475315@wordpress-sentinel&old=474998@wordpress-sentinel", + "refsource": "CONFIRM", + "url": "http://plugins.trac.wordpress.org/changeset?reponame=&new=475315@wordpress-sentinel&old=474998@wordpress-sentinel" + }, + { + "name": "47020", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47020" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5370.json b/2011/5xxx/CVE-2011-5370.json index 5e694193d34..3735c218ffa 100644 --- a/2011/5xxx/CVE-2011-5370.json +++ b/2011/5xxx/CVE-2011-5370.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5370", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-5370. Reason: This candidate is a duplicate of CVE-2012-5370. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2012-5370 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2011-5370", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-5370. Reason: This candidate is a duplicate of CVE-2012-5370. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2012-5370 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5372.json b/2011/5xxx/CVE-2011-5372.json index d73b71ca841..9cfc5d29c7a 100644 --- a/2011/5xxx/CVE-2011-5372.json +++ b/2011/5xxx/CVE-2011-5372.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5372", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-5372. Reason: This candidate is a duplicate of CVE-2012-5372. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2012-5372 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2011-5372", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-5372. Reason: This candidate is a duplicate of CVE-2012-5372. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2012-5372 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2177.json b/2014/2xxx/CVE-2014-2177.json index 0e94172d866..e6928aa08f0 100644 --- a/2014/2xxx/CVE-2014-2177.json +++ b/2014/2xxx/CVE-2014-2177.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2177", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The network-diagnostics administration interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote authenticated users to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCuh87126." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-2177", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141106 Cisco RV Series multiple vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/533917/100/0/threaded" - }, - { - "name" : "20141106 Cisco RV Series multiple vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Nov/6" - }, - { - "name" : "http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html" - }, - { - "name" : "20141105 Multiple Vulnerabilities in Cisco Small Business RV Series Routers", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv" - }, - { - "name" : "1031171", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031171" - }, - { - "name" : "cisco-cve20142177-command-exec(98497)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The network-diagnostics administration interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote authenticated users to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCuh87126." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20141105 Multiple Vulnerabilities in Cisco Small Business RV Series Routers", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv" + }, + { + "name": "http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html" + }, + { + "name": "cisco-cve20142177-command-exec(98497)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98497" + }, + { + "name": "20141106 Cisco RV Series multiple vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Nov/6" + }, + { + "name": "20141106 Cisco RV Series multiple vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/533917/100/0/threaded" + }, + { + "name": "1031171", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031171" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2364.json b/2014/2xxx/CVE-2014-2364.json index 1e941ebc57e..566f4b64382 100644 --- a/2014/2xxx/CVE-2014-2364.json +++ b/2014/2xxx/CVE-2014-2364.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2364", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple stack-based buffer overflows in Advantech WebAccess before 7.2 allow remote attackers to execute arbitrary code via a long string in the (1) ProjectName, (2) SetParameter, (3) NodeName, (4) CCDParameter, (5) SetColor, (6) AlarmImage, (7) GetParameter, (8) GetColor, (9) ServerResponse, (10) SetBaud, or (11) IPAddress parameter to an ActiveX control in (a) webvact.ocx, (b) dvs.ocx, or (c) webdact.ocx." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2014-2364", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-198-02", - "refsource" : "MISC", - "url" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-198-02" - }, - { - "name" : "http://packetstormsecurity.com/files/128384/Advantech-WebAccess-dvs.ocx-GetColor-Buffer-Overflow.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/128384/Advantech-WebAccess-dvs.ocx-GetColor-Buffer-Overflow.html" - }, - { - "name" : "68714", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68714" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple stack-based buffer overflows in Advantech WebAccess before 7.2 allow remote attackers to execute arbitrary code via a long string in the (1) ProjectName, (2) SetParameter, (3) NodeName, (4) CCDParameter, (5) SetColor, (6) AlarmImage, (7) GetParameter, (8) GetColor, (9) ServerResponse, (10) SetBaud, or (11) IPAddress parameter to an ActiveX control in (a) webvact.ocx, (b) dvs.ocx, or (c) webdact.ocx." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-198-02", + "refsource": "MISC", + "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-198-02" + }, + { + "name": "http://packetstormsecurity.com/files/128384/Advantech-WebAccess-dvs.ocx-GetColor-Buffer-Overflow.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/128384/Advantech-WebAccess-dvs.ocx-GetColor-Buffer-Overflow.html" + }, + { + "name": "68714", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68714" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2445.json b/2014/2xxx/CVE-2014-2445.json index 46109b59745..da159a2891a 100644 --- a/2014/2xxx/CVE-2014-2445.json +++ b/2014/2xxx/CVE-2014-2445.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2445", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.3 allows remote authenticated users to affect integrity via unknown vectors related to Security, a different vulnerability than CVE-2014-2467." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-2445", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.3 allows remote authenticated users to affect integrity via unknown vectors related to Security, a different vulnerability than CVE-2014-2467." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2529.json b/2014/2xxx/CVE-2014-2529.json index f9bf132a9ff..f7e696de935 100644 --- a/2014/2xxx/CVE-2014-2529.json +++ b/2014/2xxx/CVE-2014-2529.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2529", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2529", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3576.json b/2014/3xxx/CVE-2014-3576.json index a18a4b3b7bf..b3f447ba24c 100644 --- a/2014/3xxx/CVE-2014-3576.json +++ b/2014/3xxx/CVE-2014-3576.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3576", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The processControlCommand function in broker/TransportConnection.java in Apache ActiveMQ before 5.11.0 allows remote attackers to cause a denial of service (shutdown) via a shutdown command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-3576", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20151106 [ANNOUNCE] CVE-2014-3576 - Apache ActiveMQ vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/536862/100/0/threaded" - }, - { - "name" : "[dev] 20150721 About CVE-2014-3576", - "refsource" : "MLIST", - "url" : "http://activemq.2283324.n4.nabble.com/About-CVE-2014-3576-tp4699628.html" - }, - { - "name" : "http://packetstormsecurity.com/files/134274/Apache-ActiveMQ-5.10.1-Denial-Of-Service.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/134274/Apache-ActiveMQ-5.10.1-Denial-Of-Service.html" - }, - { - "name" : "https://github.com/apache/activemq/commit/00921f2", - "refsource" : "CONFIRM", - "url" : "https://github.com/apache/activemq/commit/00921f2" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html" - }, - { - "name" : "DSA-3330", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3330" - }, - { - "name" : "76272", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76272" - }, - { - "name" : "1033898", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033898" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The processControlCommand function in broker/TransportConnection.java in Apache ActiveMQ before 5.11.0 allows remote attackers to cause a denial of service (shutdown) via a shutdown command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/134274/Apache-ActiveMQ-5.10.1-Denial-Of-Service.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/134274/Apache-ActiveMQ-5.10.1-Denial-Of-Service.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" + }, + { + "name": "DSA-3330", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3330" + }, + { + "name": "76272", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76272" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html" + }, + { + "name": "[dev] 20150721 About CVE-2014-3576", + "refsource": "MLIST", + "url": "http://activemq.2283324.n4.nabble.com/About-CVE-2014-3576-tp4699628.html" + }, + { + "name": "1033898", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033898" + }, + { + "name": "https://github.com/apache/activemq/commit/00921f2", + "refsource": "CONFIRM", + "url": "https://github.com/apache/activemq/commit/00921f2" + }, + { + "name": "20151106 [ANNOUNCE] CVE-2014-3576 - Apache ActiveMQ vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/536862/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6507.json b/2014/6xxx/CVE-2014-6507.json index 98d292894e1..b1cf0a4706e 100644 --- a/2014/6xxx/CVE-2014-6507.json +++ b/2014/6xxx/CVE-2014-6507.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6507", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-6507", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" - }, - { - "name" : "GLSA-201411-02", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201411-02.xml" - }, - { - "name" : "SUSE-SU-2015:0743", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html" - }, - { - "name" : "70550", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70550" - }, - { - "name" : "61579", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61579" - }, - { - "name" : "62073", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62073" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "62073", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62073" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "SUSE-SU-2015:0743", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html" + }, + { + "name": "GLSA-201411-02", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201411-02.xml" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" + }, + { + "name": "70550", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70550" + }, + { + "name": "61579", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61579" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6830.json b/2014/6xxx/CVE-2014-6830.json index 5d2f1a2d59f..1616c2dfd1b 100644 --- a/2014/6xxx/CVE-2014-6830.json +++ b/2014/6xxx/CVE-2014-6830.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6830", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Covet Fashion - Shopping Game (aka com.crowdstar.covetfashion) application 2.14.40 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6830", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#712825", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/712825" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Covet Fashion - Shopping Game (aka com.crowdstar.covetfashion) application 2.14.40 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#712825", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/712825" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7178.json b/2014/7xxx/CVE-2014-7178.json index bd036c31320..acf8dffb225 100644 --- a/2014/7xxx/CVE-2014-7178.json +++ b/2014/7xxx/CVE-2014-7178.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7178", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Enalean Tuleap before 7.5.99.6 allows remote attackers to execute arbitrary commands via the User-Agent header, which is provided to the passthru PHP function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-7178", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141028 CVE-2014-7178 - Remote Command Execution in Enalean Tuleap", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Oct/121" - }, - { - "name" : "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-7178/", - "refsource" : "MISC", - "url" : "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-7178/" - }, - { - "name" : "https://www.tuleap.org/recent-vulnerabilities", - "refsource" : "CONFIRM", - "url" : "https://www.tuleap.org/recent-vulnerabilities" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Enalean Tuleap before 7.5.99.6 allows remote attackers to execute arbitrary commands via the User-Agent header, which is provided to the passthru PHP function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20141028 CVE-2014-7178 - Remote Command Execution in Enalean Tuleap", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Oct/121" + }, + { + "name": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-7178/", + "refsource": "MISC", + "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-7178/" + }, + { + "name": "https://www.tuleap.org/recent-vulnerabilities", + "refsource": "CONFIRM", + "url": "https://www.tuleap.org/recent-vulnerabilities" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7347.json b/2014/7xxx/CVE-2014-7347.json index 28fced78f20..1ef0fda2dd5 100644 --- a/2014/7xxx/CVE-2014-7347.json +++ b/2014/7xxx/CVE-2014-7347.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7347", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-7347", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7466.json b/2014/7xxx/CVE-2014-7466.json index 8aeb0084233..c1a9410bad5 100644 --- a/2014/7xxx/CVE-2014-7466.json +++ b/2014/7xxx/CVE-2014-7466.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7466", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Live TV Browser (aka com.wHDSmartBrowser) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7466", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#730161", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/730161" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Live TV Browser (aka com.wHDSmartBrowser) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#730161", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/730161" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7615.json b/2014/7xxx/CVE-2014-7615.json index 33c8621db6a..95563368389 100644 --- a/2014/7xxx/CVE-2014-7615.json +++ b/2014/7xxx/CVE-2014-7615.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7615", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-7615", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7730.json b/2014/7xxx/CVE-2014-7730.json index 3842ddb125b..bacb0b75529 100644 --- a/2014/7xxx/CVE-2014-7730.json +++ b/2014/7xxx/CVE-2014-7730.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7730", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-7730", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0163.json b/2017/0xxx/CVE-2017-0163.json index c9ba805f4cd..b70565ded39 100644 --- a/2017/0xxx/CVE-2017-0163.json +++ b/2017/0xxx/CVE-2017-0163.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-0163", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows Hyper-V", - "version" : { - "version_data" : [ - { - "version_value" : "Windows" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability exists when Windows Hyper-V Network Switch running on a host server fails to properly validate input from an authenticated user on a guest operating system, aka \"Hyper-V Remote Code Execution Vulnerability.\" This CVE ID is unique from CVE-2017-0162, CVE-2017-0180, and CVE-2017-0181." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-0163", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows Hyper-V", + "version": { + "version_data": [ + { + "version_value": "Windows" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0163", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0163" - }, - { - "name" : "97465", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97465" - }, - { - "name" : "1038233", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038233" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists when Windows Hyper-V Network Switch running on a host server fails to properly validate input from an authenticated user on a guest operating system, aka \"Hyper-V Remote Code Execution Vulnerability.\" This CVE ID is unique from CVE-2017-0162, CVE-2017-0180, and CVE-2017-0181." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0163", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0163" + }, + { + "name": "97465", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97465" + }, + { + "name": "1038233", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038233" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0480.json b/2017/0xxx/CVE-2017-0480.json index a5b11a8fc26..6e49dcee978 100644 --- a/2017/0xxx/CVE-2017-0480.json +++ b/2017/0xxx/CVE-2017-0480.json @@ -1,90 +1,90 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-0480", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android-4.4.4" - }, - { - "version_value" : "Android-5.0.2" - }, - { - "version_value" : "Android-5.1.1" - }, - { - "version_value" : "Android-6.0" - }, - { - "version_value" : "Android-6.0.1" - }, - { - "version_value" : "Android-7.0" - }, - { - "version_value" : "Android-7.1.1" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32705429." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2017-0480", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-4.4.4" + }, + { + "version_value": "Android-5.0.2" + }, + { + "version_value": "Android-5.1.1" + }, + { + "version_value": "Android-6.0" + }, + { + "version_value": "Android-6.0.1" + }, + { + "version_value": "Android-7.0" + }, + { + "version_value": "Android-7.1.1" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-03-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-03-01" - }, - { - "name" : "96958", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96958" - }, - { - "name" : "1037968", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037968" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32705429." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-03-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-03-01" + }, + { + "name": "1037968", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037968" + }, + { + "name": "96958", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96958" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18230.json b/2017/18xxx/CVE-2017-18230.json index e66a037a2d0..ca33507df94 100644 --- a/2017/18xxx/CVE-2017-18230.json +++ b/2017/18xxx/CVE-2017-18230.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-18230", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in GraphicsMagick 1.3.26. A NULL pointer dereference vulnerability was found in the function ReadCINEONImage in coders/cineon.c, which allows attackers to cause a denial of service via a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-18230", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180328 [SECURITY] [DLA 1322-1] graphicsmagick security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/03/msg00025.html" - }, - { - "name" : "[debian-lts-announce] 20180803 [SECURITY] [DLA 1456-1] graphicsmagick security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html" - }, - { - "name" : "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/53a4d841e90f", - "refsource" : "CONFIRM", - "url" : "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/53a4d841e90f" - }, - { - "name" : "https://sourceforge.net/p/graphicsmagick/bugs/473/", - "refsource" : "CONFIRM", - "url" : "https://sourceforge.net/p/graphicsmagick/bugs/473/" - }, - { - "name" : "DSA-4321", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4321" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in GraphicsMagick 1.3.26. A NULL pointer dereference vulnerability was found in the function ReadCINEONImage in coders/cineon.c, which allows attackers to cause a denial of service via a crafted file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[debian-lts-announce] 20180328 [SECURITY] [DLA 1322-1] graphicsmagick security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00025.html" + }, + { + "name": "DSA-4321", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4321" + }, + { + "name": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/53a4d841e90f", + "refsource": "CONFIRM", + "url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/53a4d841e90f" + }, + { + "name": "[debian-lts-announce] 20180803 [SECURITY] [DLA 1456-1] graphicsmagick security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html" + }, + { + "name": "https://sourceforge.net/p/graphicsmagick/bugs/473/", + "refsource": "CONFIRM", + "url": "https://sourceforge.net/p/graphicsmagick/bugs/473/" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1730.json b/2017/1xxx/CVE-2017-1730.json index ea28316d859..792f0bff724 100644 --- a/2017/1xxx/CVE-2017-1730.json +++ b/2017/1xxx/CVE-2017-1730.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1730", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1730", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1845.json b/2017/1xxx/CVE-2017-1845.json index 4199751aa07..9067bddb309 100644 --- a/2017/1xxx/CVE-2017-1845.json +++ b/2017/1xxx/CVE-2017-1845.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1845", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-1845", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1848.json b/2017/1xxx/CVE-2017-1848.json index e411cfae80a..82b04687660 100644 --- a/2017/1xxx/CVE-2017-1848.json +++ b/2017/1xxx/CVE-2017-1848.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1848", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-1848", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1973.json b/2017/1xxx/CVE-2017-1973.json index c7358b0e5b1..da06bc70454 100644 --- a/2017/1xxx/CVE-2017-1973.json +++ b/2017/1xxx/CVE-2017-1973.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1973", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-1973", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5142.json b/2017/5xxx/CVE-2017-5142.json index 34be0846036..12555f1efdc 100644 --- a/2017/5xxx/CVE-2017-5142.json +++ b/2017/5xxx/CVE-2017-5142.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "ID" : "CVE-2017-5142", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Honeywell XL Web II Controller", - "version" : { - "version_data" : [ - { - "version_value" : "Honeywell XL Web II Controller" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. A user with low privileges is able to open and change the parameters by accessing a specific URL because of Improper Privilege Management." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Honeywell XL Web II Controller Improper Privilege Management" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2017-5142", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Honeywell XL Web II Controller", + "version": { + "version_data": [ + { + "version_value": "Honeywell XL Web II Controller" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-033-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-033-01" - }, - { - "name" : "95971", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95971" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. A user with low privileges is able to open and change the parameters by accessing a specific URL because of Improper Privilege Management." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Honeywell XL Web II Controller Improper Privilege Management" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95971", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95971" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-033-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-033-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5342.json b/2017/5xxx/CVE-2017-5342.json index bfe127a947a..0951148dd17 100644 --- a/2017/5xxx/CVE-2017-5342.json +++ b/2017/5xxx/CVE-2017-5342.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5342", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In tcpdump before 4.9.0, a bug in multiple protocol parsers (Geneve, GRE, NSH, OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in print-ether.c:ether_print()." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5342", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html", - "refsource" : "CONFIRM", - "url" : "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html" - }, - { - "name" : "DSA-3775", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3775" - }, - { - "name" : "GLSA-201702-30", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201702-30" - }, - { - "name" : "RHSA-2017:1871", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1871" - }, - { - "name" : "95852", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95852" - }, - { - "name" : "1037755", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037755" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In tcpdump before 4.9.0, a bug in multiple protocol parsers (Geneve, GRE, NSH, OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in print-ether.c:ether_print()." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1037755", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037755" + }, + { + "name": "DSA-3775", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3775" + }, + { + "name": "RHSA-2017:1871", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1871" + }, + { + "name": "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html", + "refsource": "CONFIRM", + "url": "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1494526.html" + }, + { + "name": "95852", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95852" + }, + { + "name": "GLSA-201702-30", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201702-30" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5585.json b/2017/5xxx/CVE-2017-5585.json index f34a063d468..2925bd5972e 100644 --- a/2017/5xxx/CVE-2017-5585.json +++ b/2017/5xxx/CVE-2017-5585.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5585", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OpenText Documentum Content Server (formerly EMC Documentum Content Server) 7.3, when PostgreSQL Database is used and return_top_results_row_based config option is false, does not properly restrict DQL hints, which allows remote authenticated users to conduct DQL injection attacks and execute arbitrary DML or DDL commands via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2520." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5585", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/141124/OpenText-Documentum-Content-Server-7.3-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/141124/OpenText-Documentum-Content-Server-7.3-SQL-Injection.html" - }, - { - "name" : "96224", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96224" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OpenText Documentum Content Server (formerly EMC Documentum Content Server) 7.3, when PostgreSQL Database is used and return_top_results_row_based config option is false, does not properly restrict DQL hints, which allows remote authenticated users to conduct DQL injection attacks and execute arbitrary DML or DDL commands via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2520." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/141124/OpenText-Documentum-Content-Server-7.3-SQL-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/141124/OpenText-Documentum-Content-Server-7.3-SQL-Injection.html" + }, + { + "name": "96224", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96224" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5691.json b/2017/5xxx/CVE-2017-5691.json index ee8851bce8c..671e7e7401c 100644 --- a/2017/5xxx/CVE-2017-5691.json +++ b/2017/5xxx/CVE-2017-5691.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@intel.com", - "DATE_PUBLIC" : "2017-07-25T00:00:00", - "ID" : "CVE-2017-5691", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "6th and 7th Generation Intel Core Processor Families, Intel Xeon E3-1500M v5 and v6 Processor Families, and Intel Xeon E3-1200 v5 and v6 Product Families.", - "version" : { - "version_data" : [ - { - "version_value" : "6th and 7th Generation Intel Core Processor Families, Intel Xeon E3-1500M v5 and v6 Processor Families, and Intel Xeon E3-1200 v5 and v6 Product Families." - } - ] - } - } - ] - }, - "vendor_name" : "Intel Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Incorrect check in Intel processors from 6th and 7th Generation Intel Core Processor Families, Intel Xeon E3-1500M v5 and v6 Product Families, and Intel Xeon E3-1200 v5 and v6 Product Families allows compromised system firmware to impact SGX security via incorrect early system state." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "secure@intel.com", + "DATE_PUBLIC": "2017-07-25T00:00:00", + "ID": "CVE-2017-5691", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "6th and 7th Generation Intel Core Processor Families, Intel Xeon E3-1500M v5 and v6 Processor Families, and Intel Xeon E3-1200 v5 and v6 Product Families.", + "version": { + "version_data": [ + { + "version_value": "6th and 7th Generation Intel Core Processor Families, Intel Xeon E3-1500M v5 and v6 Processor Families, and Intel Xeon E3-1200 v5 and v6 Product Families." + } + ] + } + } + ] + }, + "vendor_name": "Intel Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00076&languageid=en-fr", - "refsource" : "CONFIRM", - "url" : "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00076&languageid=en-fr" - }, - { - "name" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesb3p03767en_us", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesb3p03767en_us" - }, - { - "name" : "https://support.lenovo.com/us/en/product_security/LEN-15184", - "refsource" : "CONFIRM", - "url" : "https://support.lenovo.com/us/en/product_security/LEN-15184" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Incorrect check in Intel processors from 6th and 7th Generation Intel Core Processor Families, Intel Xeon E3-1500M v5 and v6 Product Families, and Intel Xeon E3-1200 v5 and v6 Product Families allows compromised system firmware to impact SGX security via incorrect early system state." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00076&languageid=en-fr", + "refsource": "CONFIRM", + "url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00076&languageid=en-fr" + }, + { + "name": "https://support.lenovo.com/us/en/product_security/LEN-15184", + "refsource": "CONFIRM", + "url": "https://support.lenovo.com/us/en/product_security/LEN-15184" + }, + { + "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesb3p03767en_us", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesb3p03767en_us" + } + ] + } +} \ No newline at end of file