diff --git a/2006/3xxx/CVE-2006-3198.json b/2006/3xxx/CVE-2006-3198.json
index 5e1f42a270a..d23383482a9 100644
--- a/2006/3xxx/CVE-2006-3198.json
+++ b/2006/3xxx/CVE-2006-3198.json
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3198", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in Opera 8.54 and earlier allows remote attackers to execute arbitrary code via a JPEG image with large height and width values, which causes less memory to be allocated than intended." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3198", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060622 VigilantMinds Advisory: Opera JPEG Processing Integer Overflow Vulnerability (VMSA-20060621-01)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/438074/100/0/threaded" - }, - { - "name" : "http://www.vigilantminds.com/advi_detail.php?id=45", - "refsource" : "MISC", - "url" : "http://www.vigilantminds.com/advi_detail.php?id=45" - }, - { - "name" : "SUSE-SA:2006:038", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_38_opera.html" - }, - { - "name" : "18594", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18594" - }, - { - "name" : "ADV-2006-2491", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2006/2491" - }, - { - "name" : "1016362", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016362" - }, - { - "name" : "20787", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20787" - }, - { - "name" : "20897", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20897" - }, - { - "name" : "1133", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1133" - }, - { - "name" : "opera-jpeg-bo(27318)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27318" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in Opera 8.54 and earlier allows remote attackers to execute arbitrary code via a JPEG image with large height and width values, which causes less memory to be allocated than intended." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SA:2006:038", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_38_opera.html" + }, + { + "name": "20897", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20897" + }, + { + "name": "18594", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18594" + }, + { + "name": "20060622 VigilantMinds Advisory: Opera JPEG Processing Integer Overflow Vulnerability (VMSA-20060621-01)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/438074/100/0/threaded" + }, + { + "name": "ADV-2006-2491", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2491" + }, + { + "name": "20787", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20787" + }, + { + "name": "1133", + "refsource": 
"SREASON", + "url": "http://securityreason.com/securityalert/1133" + }, + { + "name": "1016362", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016362" + }, + { + "name": "http://www.vigilantminds.com/advi_detail.php?id=45", + "refsource": "MISC", + "url": "http://www.vigilantminds.com/advi_detail.php?id=45" + }, + { + "name": "opera-jpeg-bo(27318)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27318" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3718.json b/2006/3xxx/CVE-2006-3718.json index 211acfc86e1..97726351abe 100644 --- a/2006/3xxx/CVE-2006-3718.json +++ b/2006/3xxx/CVE-2006-3718.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3718", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in Oracle Exchange for Oracle E-Business Suite and Applications 6.2.4 have unknown impact and attack vectors, aka Oracle Vuln# (1) APPS16 and (2) APPS17." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3718", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html" - }, - { - "name" : "http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html", - "refsource" : "MISC", - "url" : "http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html" - }, - { - "name" : "HPSBMA02133", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/440758/100/100/threaded" - }, - { - "name" : "SSRT061201", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/440758/100/100/threaded" - }, - { - "name" : "TA06-200A", - "refsource" : "CERT", - "url" : 
"http://www.us-cert.gov/cas/techalerts/TA06-200A.html" - }, - { - "name" : "19054", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19054" - }, - { - "name" : "ADV-2006-2863", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2863" - }, - { - "name" : "ADV-2006-2947", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2947" - }, - { - "name" : "1016529", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016529" - }, - { - "name" : "21111", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21111" - }, - { - "name" : "21165", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21165" - }, - { - "name" : "oracle-cpu-july-2006(27897)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27897" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in Oracle Exchange for Oracle E-Business Suite and Applications 6.2.4 have unknown impact and attack vectors, aka Oracle Vuln# (1) APPS16 and (2) APPS17." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1016529", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016529" + }, + { + "name": "19054", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19054" + }, + { + "name": "oracle-cpu-july-2006(27897)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27897" + }, + { + "name": "21165", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21165" + }, + { + "name": "HPSBMA02133", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/440758/100/100/threaded" + }, + { + "name": "ADV-2006-2947", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2947" + }, + { + "name": "http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html", + "refsource": "MISC", + "url": "http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html" + }, + { + "name": "SSRT061201", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/440758/100/100/threaded" + }, + { + "name": "TA06-200A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-200A.html" + }, + { + "name": "21111", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21111" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html" + }, + { + "name": "ADV-2006-2863", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2863" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3725.json b/2006/3xxx/CVE-2006-3725.json index d0fc99aa391..1287020dcfa 100644 --- a/2006/3xxx/CVE-2006-3725.json +++ b/2006/3xxx/CVE-2006-3725.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3725", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Norton Personal Firewall 2006 9.1.0.33 allows local users to cause a denial of service (crash) via certain RegSaveKey, RegRestoreKey and RegDeleteKey operations on the (1) HKLM\\SYSTEM\\CurrentControlSet\\Services\\SNDSrvc and (2) HKLM\\SYSTEM\\CurrentControlSet\\Services\\SymEvent registry keys." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3725", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060715 Norton Insufficient protection of Norton service registry keys", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/440110/100/0/threaded" - }, - { - "name" : "http://www.matousec.com/info/advisories/Norton-Insufficient-protection-of-Norton-service-registry-keys.php", - "refsource" : "MISC", - "url" : "http://www.matousec.com/info/advisories/Norton-Insufficient-protection-of-Norton-service-registry-keys.php" - }, - { - "name" : "18995", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18995" - }, - { - "name" : "1241", - "refsource" : "SREASON", - "url" : 
"http://securityreason.com/securityalert/1241" - }, - { - "name" : "symantec-firewall-registry-dos(27764)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27764" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Norton Personal Firewall 2006 9.1.0.33 allows local users to cause a denial of service (crash) via certain RegSaveKey, RegRestoreKey and RegDeleteKey operations on the (1) HKLM\\SYSTEM\\CurrentControlSet\\Services\\SNDSrvc and (2) HKLM\\SYSTEM\\CurrentControlSet\\Services\\SymEvent registry keys." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1241", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1241" + }, + { + "name": "symantec-firewall-registry-dos(27764)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27764" + }, + { + "name": "http://www.matousec.com/info/advisories/Norton-Insufficient-protection-of-Norton-service-registry-keys.php", + "refsource": "MISC", + "url": "http://www.matousec.com/info/advisories/Norton-Insufficient-protection-of-Norton-service-registry-keys.php" + }, + { + "name": "18995", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18995" + }, + { + "name": "20060715 Norton Insufficient protection of Norton service registry keys", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/440110/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4115.json b/2006/4xxx/CVE-2006-4115.json index 8613d4d6d0c..f6aa25cc4f4 100644 --- a/2006/4xxx/CVE-2006-4115.json +++ b/2006/4xxx/CVE-2006-4115.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4115", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in common.inc.php in PgMarket 2.2.3, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the CFG[libdir] parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4115", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060809 PgMarket 2.2.3 (CFG[libdir]) Remote File Inclusion Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/442684/100/0/threaded" - }, - { - "name" : "19439", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19439" - }, - { - "name" : "ADV-2006-3240", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3240" - }, - { - "name" : "1375", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1375" - }, - { - "name" : "pgmarket-common-file-include(28290)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28290" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in common.inc.php in PgMarket 2.2.3, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the CFG[libdir] parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19439", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19439" + }, + { + "name": "1375", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1375" + }, + { + "name": "20060809 PgMarket 2.2.3 (CFG[libdir]) Remote File Inclusion Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/442684/100/0/threaded" + }, + { + "name": "ADV-2006-3240", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3240" + }, + { + "name": "pgmarket-common-file-include(28290)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28290" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4438.json b/2006/4xxx/CVE-2006-4438.json index b984bc8d334..e18ba02d333 100644 --- a/2006/4xxx/CVE-2006-4438.json +++ b/2006/4xxx/CVE-2006-4438.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4438", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in SpIDer for Dr.Web Scanner for Linux 4.33, and possibly earlier versions, allows remote attackers to execute arbitrary code via an LHA archive with an extended header that contains a long directory name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4438", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060420 Dr.Web 4.33 antivirus LHA long directory name heap overflow", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/049552.html" - }, - { - "name" : "20119", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20119" - }, - { - "name" : "ADV-2006-3719", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3719" - }, - { - "name" : "22019", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22019" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"Heap-based buffer overflow in SpIDer for Dr.Web Scanner for Linux 4.33, and possibly earlier versions, allows remote attackers to execute arbitrary code via an LHA archive with an extended header that contains a long directory name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20119", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20119" + }, + { + "name": "22019", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22019" + }, + { + "name": "ADV-2006-3719", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3719" + }, + { + "name": "20060420 Dr.Web 4.33 antivirus LHA long directory name heap overflow", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/049552.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4783.json b/2006/4xxx/CVE-2006-4783.json index 5010ae3c6c5..51a7d94d71a 100644 --- a/2006/4xxx/CVE-2006-4783.json +++ b/2006/4xxx/CVE-2006-4783.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4783", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in squads.php in WebSPELL 4.01.01 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the squadID parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4783", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://cms.webspell.org/index.php?site=files&file=11", - "refsource" : "CONFIRM", - "url" : "http://cms.webspell.org/index.php?site=files&file=11" - }, - { - "name" : "http://translate.google.com/translate?hl=en&sl=de&u=http://webspell.org/&sa=X&oi=translate&resnum=2&ct=result&prev=/search%3Fq%3Dwebspell%26hl%3Den%26lr%3D", - "refsource" : "CONFIRM", - "url" : "http://translate.google.com/translate?hl=en&sl=de&u=http://webspell.org/&sa=X&oi=translate&resnum=2&ct=result&prev=/search%3Fq%3Dwebspell%26hl%3Den%26lr%3D" - }, - { - "name" : "ADV-2006-3572", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3572" - }, - { - "name" : "21881", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/21881" - }, - { - "name" : "webspell-squads-sql-injection(28898)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28898" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in squads.php in WebSPELL 4.01.01 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the squadID parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21881", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21881" + }, + { + "name": "webspell-squads-sql-injection(28898)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28898" + }, + { + "name": "http://translate.google.com/translate?hl=en&sl=de&u=http://webspell.org/&sa=X&oi=translate&resnum=2&ct=result&prev=/search%3Fq%3Dwebspell%26hl%3Den%26lr%3D", + "refsource": "CONFIRM", + "url": "http://translate.google.com/translate?hl=en&sl=de&u=http://webspell.org/&sa=X&oi=translate&resnum=2&ct=result&prev=/search%3Fq%3Dwebspell%26hl%3Den%26lr%3D" + }, + { + "name": "ADV-2006-3572", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3572" + }, + { + "name": "http://cms.webspell.org/index.php?site=files&file=11", + "refsource": "CONFIRM", + "url": "http://cms.webspell.org/index.php?site=files&file=11" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4846.json b/2006/4xxx/CVE-2006-4846.json index 16e4139b355..95757e23f87 100644 --- a/2006/4xxx/CVE-2006-4846.json +++ b/2006/4xxx/CVE-2006-4846.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4846", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Citrix Access Gateway with Advanced Access Control (AAC) 4.2 before 20060914, when AAC is configured to use LDAP authentication, allows remote attackers to bypass authentication via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4846", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.citrix.com/article/CTX110439", - "refsource" : "CONFIRM", - "url" : "http://support.citrix.com/article/CTX110439" - }, - { - "name" : "http://support.citrix.com/article/CTX110950", - "refsource" : "CONFIRM", - "url" : "http://support.citrix.com/article/CTX110950" - }, - { - "name" : "VU#658620", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/658620" - }, - { - "name" : "20066", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20066" - }, - { - "name" : "ADV-2006-3643", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3643" - }, - { - "name" : "28938", - "refsource" : "OSVDB", - "url" : 
"http://www.osvdb.org/28938" - }, - { - "name" : "1016874", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016874" - }, - { - "name" : "21941", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21941" - }, - { - "name" : "citrix-acc-ldap-auth-bypass(28990)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28990" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Citrix Access Gateway with Advanced Access Control (AAC) 4.2 before 20060914, when AAC is configured to use LDAP authentication, allows remote attackers to bypass authentication via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1016874", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016874" + }, + { + "name": "ADV-2006-3643", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3643" + }, + { + "name": "VU#658620", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/658620" + }, + { + "name": "20066", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20066" + }, + { + "name": "http://support.citrix.com/article/CTX110950", + "refsource": "CONFIRM", + "url": "http://support.citrix.com/article/CTX110950" + }, + { + "name": "21941", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21941" + }, + { + "name": "citrix-acc-ldap-auth-bypass(28990)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28990" + }, + { + "name": "28938", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28938" + }, + { + "name": "http://support.citrix.com/article/CTX110439", + "refsource": "CONFIRM", + "url": 
"http://support.citrix.com/article/CTX110439" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6007.json b/2006/6xxx/CVE-2006-6007.json index 72654a57bd7..4737eb6955f 100644 --- a/2006/6xxx/CVE-2006-6007.json +++ b/2006/6xxx/CVE-2006-6007.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6007", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "save_profile.asp in WebEvents (Online Event Registration Template) 2.0 and earlier allows remote attackers to change the profiles, passwords, and other information for arbitrary users via a modified UserID parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6007", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061112 Online Event Registration <= v2.0 (save_profile.asp) Remote User Pass Change Exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/451411/100/0/threaded" - }, - { - "name" : "1888", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1888" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "save_profile.asp in WebEvents (Online Event Registration Template) 2.0 and earlier allows remote attackers to change the profiles, passwords, and other information for arbitrary users via a modified UserID parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1888", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1888" + }, + { + "name": "20061112 Online Event Registration <= v2.0 (save_profile.asp) Remote User Pass Change Exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/451411/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6034.json b/2006/6xxx/CVE-2006-6034.json index 0471f6b297a..edba869b976 100644 --- a/2006/6xxx/CVE-2006-6034.json +++ b/2006/6xxx/CVE-2006-6034.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6034", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in SitesOutlet E-commerce Kit-1 PayPal Edition allow remote attackers to execute arbitrary SQL commands via the (1) keyword or (2) cid parameter in (a) catalogue.asp, or the (3) pid parameter in (b) viewDetail.asp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6034", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061114 E-commerce Kit 1 PayPal Edition [ injection sql ]", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/451771/100/0/threaded" - }, - { - "name" : "21056", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21056" - }, - { - "name" : "ADV-2006-4571", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4571" - }, - { - "name" : "22975", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22975" - }, - { - "name" : "1900", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1900" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": 
"CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in SitesOutlet E-commerce Kit-1 PayPal Edition allow remote attackers to execute arbitrary SQL commands via the (1) keyword or (2) cid parameter in (a) catalogue.asp, or the (3) pid parameter in (b) viewDetail.asp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21056", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21056" + }, + { + "name": "1900", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1900" + }, + { + "name": "22975", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22975" + }, + { + "name": "ADV-2006-4571", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4571" + }, + { + "name": "20061114 E-commerce Kit 1 PayPal Edition [ injection sql ]", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/451771/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6853.json b/2006/6xxx/CVE-2006-6853.json index 2713ddf2291..d8e71428a25 100644 --- a/2006/6xxx/CVE-2006-6853.json +++ b/2006/6xxx/CVE-2006-6853.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6853", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Durian Web Application Server 3.02 freeware on Windows allows remote attackers to execute arbitrary code via a long string in a crafted packet to TCP port 4002." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6853", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3037", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3037" - }, - { - "name" : "3038", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3038" - }, - { - "name" : "21808", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21808" - }, - { - "name" : "1017456", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017456" - }, - { - "name" : "durian-web-bo(31161)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31161" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Durian 
Web Application Server 3.02 freeware on Windows allows remote attackers to execute arbitrary code via a long string in a crafted packet to TCP port 4002." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21808", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21808" + }, + { + "name": "1017456", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017456" + }, + { + "name": "3037", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3037" + }, + { + "name": "durian-web-bo(31161)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31161" + }, + { + "name": "3038", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3038" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6938.json b/2006/6xxx/CVE-2006-6938.json index 69310ade191..407efc56ddf 100644 --- a/2006/6xxx/CVE-2006-6938.json +++ b/2006/6xxx/CVE-2006-6938.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6938", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in includes/common.php in NitroTech 0.0.3a, as distributed before 2006, allows remote attackers to include arbitrary files via \"..\" sequences in the root parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6938", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2685", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2685" - }, - { - "name" : "20810", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20810" - }, - { - "name" : "nitrotech-common-file-include(29904)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29904" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in includes/common.php in NitroTech 0.0.3a, as distributed before 2006, allows remote attackers to include arbitrary files via \"..\" sequences in the root parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2685", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2685" + }, + { + "name": "nitrotech-common-file-include(29904)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29904" + }, + { + "name": "20810", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20810" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2058.json b/2010/2xxx/CVE-2010-2058.json index 82583d7a406..2d3038be54f 100644 --- a/2010/2xxx/CVE-2010-2058.json +++ b/2010/2xxx/CVE-2010-2058.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2058", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "setup.py in Prewikka 0.9.14 installs prewikka.conf with world-readable permissions, which allows local users to obtain the SQL database password." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-2058", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20100602 prewikka permission bug", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2010/06/01/13" - }, - { - "name" : "https://bugs.gentoo.org/show_bug.cgi?id=270056", - "refsource" : "CONFIRM", - "url" : "https://bugs.gentoo.org/show_bug.cgi?id=270056" - }, - { - "name" : "https://dev.prelude-technologies.com/projects/prewikka/repository/revisions/17e38c310410be1b7811152172cda4438936063d", - "refsource" : "CONFIRM", - "url" : "https://dev.prelude-technologies.com/projects/prewikka/repository/revisions/17e38c310410be1b7811152172cda4438936063d" - }, - { - "name" : "https://dev.prelude-technologies.com/projects/prewikka/repository/revisions/17e38c310410be1b7811152172cda4438936063d/diff/setup.py", - "refsource" : "CONFIRM", 
- "url" : "https://dev.prelude-technologies.com/projects/prewikka/repository/revisions/17e38c310410be1b7811152172cda4438936063d/diff/setup.py" - }, - { - "name" : "FEDORA-2009-3789", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00771.html" - }, - { - "name" : "GLSA-201101-07", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201101-07.xml" - }, - { - "name" : "42820", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42820" - }, - { - "name" : "prewikka-setup-information-disclosure(59223)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/59223" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "setup.py in Prewikka 0.9.14 installs prewikka.conf with world-readable permissions, which allows local users to obtain the SQL database password." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201101-07", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201101-07.xml" + }, + { + "name": "https://dev.prelude-technologies.com/projects/prewikka/repository/revisions/17e38c310410be1b7811152172cda4438936063d", + "refsource": "CONFIRM", + "url": "https://dev.prelude-technologies.com/projects/prewikka/repository/revisions/17e38c310410be1b7811152172cda4438936063d" + }, + { + "name": "FEDORA-2009-3789", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00771.html" + }, + { + "name": "[oss-security] 20100602 prewikka permission bug", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2010/06/01/13" + }, + { + "name": "https://dev.prelude-technologies.com/projects/prewikka/repository/revisions/17e38c310410be1b7811152172cda4438936063d/diff/setup.py", + "refsource": "CONFIRM", + "url": "https://dev.prelude-technologies.com/projects/prewikka/repository/revisions/17e38c310410be1b7811152172cda4438936063d/diff/setup.py" + }, + { + "name": "https://bugs.gentoo.org/show_bug.cgi?id=270056", + "refsource": "CONFIRM", + "url": "https://bugs.gentoo.org/show_bug.cgi?id=270056" + }, + { + "name": "prewikka-setup-information-disclosure(59223)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59223" + }, + { + "name": "42820", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42820" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2152.json b/2010/2xxx/CVE-2010-2152.json index bbaaa76ba52..163f68fae79 100644 --- a/2010/2xxx/CVE-2010-2152.json +++ b/2010/2xxx/CVE-2010-2152.json 
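Review bot: The `ASSIGNER` value changes from `cve@mitre.org` to `secalert@redhat.com` in a hunk that otherwise only re-spaces keys and reorders `reference_data`, so the one semantic change in the record is easy to miss in review. Anything downstream that attributes or filters records by `ASSIGNER` will see this entry move to a different assigner while `vendor_name` and `product_name` remain `n/a`. The same kind of change appears in the CVE-2011-0020 hunk (`secalert@redhat.com`) and in the CVE-2011-0609 hunk (`psirt@adobe.com`), which continues past the end of this view. Splitting the reassignment from the formatting pass, or naming the affected IDs in the commit description, would make the change auditable.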
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2152", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in JustSystems Ichitaro 2004 through 2009, Ichitaro Government 2006 through 2009, and Just School 2008 and 2009 allows remote attackers to execute arbitrary code via unknown vectors related to \"product character attribute processing\" for a document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2152", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ipa.go.jp/about/press/20100601.html", - "refsource" : "MISC", - "url" : "http://www.ipa.go.jp/about/press/20100601.html" - }, - { - "name" : "http://www.justsystems.com/jp/info/js10002.html", - "refsource" : "CONFIRM", - "url" : "http://www.justsystems.com/jp/info/js10002.html" - }, - { - "name" : "JVN#17293765", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN17293765/index.html" - }, - { - "name" : "JVNDB-2010-000024", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000024.html" - }, - { - "name" : "40472", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40472" - 
}, - { - "name" : "65050", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/65050" - }, - { - "name" : "40008", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40008" - }, - { - "name" : "ADV-2010-1283", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1283" - }, - { - "name" : "ichitaro-attributes-code-execution(59037)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/59037" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in JustSystems Ichitaro 2004 through 2009, Ichitaro Government 2006 through 2009, and Just School 2008 and 2009 allows remote attackers to execute arbitrary code via unknown vectors related to \"product character attribute processing\" for a document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ichitaro-attributes-code-execution(59037)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59037" + }, + { + "name": "40472", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40472" + }, + { + "name": "JVN#17293765", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN17293765/index.html" + }, + { + "name": "ADV-2010-1283", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1283" + }, + { + "name": "40008", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40008" + }, + { + "name": "http://www.justsystems.com/jp/info/js10002.html", + "refsource": "CONFIRM", + "url": "http://www.justsystems.com/jp/info/js10002.html" + }, + { + "name": "65050", + "refsource": "OSVDB", + "url": "http://osvdb.org/65050" + }, + { + "name": "JVNDB-2010-000024", + "refsource": "JVNDB", + "url": 
"http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000024.html" + }, + { + "name": "http://www.ipa.go.jp/about/press/20100601.html", + "refsource": "MISC", + "url": "http://www.ipa.go.jp/about/press/20100601.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2677.json b/2010/2xxx/CVE-2010-2677.json index e23b13c8492..70b77103467 100644 --- a/2010/2xxx/CVE-2010-2677.json +++ b/2010/2xxx/CVE-2010-2677.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2677", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in mw_plugin.php in Open Web Analytics (OWA) 1.2.3, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the IP parameter. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2677", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "11903", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/11903" - }, - { - "name" : "http://packetstormsecurity.org/1003-exploits/owa123-lfirfi.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1003-exploits/owa123-lfirfi.txt" - }, - { - "name" : "http://www.ITSecTeam.com/en/vulnerabilities/vulnerability26.htm", - "refsource" : "MISC", - "url" : "http://www.ITSecTeam.com/en/vulnerabilities/vulnerability26.htm" - }, - { - "name" : "http://www.openwebanalytics.com/?p=87", - "refsource" : "CONFIRM", - "url" : "http://www.openwebanalytics.com/?p=87" - }, - { - 
"name" : "63288", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/63288" - }, - { - "name" : "39153", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39153" - }, - { - "name" : "owa-mwplugin-file-include(57241)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/57241" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in mw_plugin.php in Open Web Analytics (OWA) 1.2.3, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the IP parameter. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.openwebanalytics.com/?p=87", + "refsource": "CONFIRM", + "url": "http://www.openwebanalytics.com/?p=87" + }, + { + "name": "11903", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/11903" + }, + { + "name": "http://packetstormsecurity.org/1003-exploits/owa123-lfirfi.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1003-exploits/owa123-lfirfi.txt" + }, + { + "name": "39153", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39153" + }, + { + "name": "http://www.ITSecTeam.com/en/vulnerabilities/vulnerability26.htm", + "refsource": "MISC", + "url": "http://www.ITSecTeam.com/en/vulnerabilities/vulnerability26.htm" + }, + { + "name": "63288", + "refsource": "OSVDB", + "url": "http://osvdb.org/63288" + }, + { + "name": "owa-mwplugin-file-include(57241)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57241" + } + ] + } +} \ No newline at end of file 
diff --git a/2011/0xxx/CVE-2011-0020.json b/2011/0xxx/CVE-2011-0020.json index 38e3f1653ac..106b425eae7 100644 --- a/2011/0xxx/CVE-2011-0020.json +++ b/2011/0xxx/CVE-2011-0020.json 
@@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0020", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the pango_ft2_font_render_box_glyph function in pango/pangoft2-render.c in libpango in Pango 1.28.3 and earlier, when the FreeType2 backend is enabled, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file, related to the glyph box for an FT_Bitmap object." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-0020", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110118 CVE request: heap corruption in libpango", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/01/18/6" - }, - { - "name" : "[oss-security] 20110120 Re: CVE request: heap corruption in libpango", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/01/20/2" - }, - { - "name" : "https://bugzilla.gnome.org/show_bug.cgi?id=639882", - "refsource" : "MISC", - "url" : "https://bugzilla.gnome.org/show_bug.cgi?id=639882" - }, - { - "name" : 
"https://bugs.launchpad.net/ubuntu/+source/pango1.0/+bug/696616", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/ubuntu/+source/pango1.0/+bug/696616" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=671122", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=671122" - }, - { - "name" : "RHSA-2011:0180", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0180.html" - }, - { - "name" : "SUSE-SR:2011:005", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html" - }, - { - "name" : "45842", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45842" - }, - { - "name" : "70596", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/70596" - }, - { - "name" : "1024994", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024994" - }, - { - "name" : "42934", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42934" - }, - { - "name" : "43100", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43100" - }, - { - "name" : "ADV-2011-0186", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0186" - }, - { - "name" : "ADV-2011-0238", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0238" - }, - { - "name" : "pango-pango-bo(64832)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64832" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the pango_ft2_font_render_box_glyph function in pango/pangoft2-render.c in libpango in Pango 1.28.3 and earlier, when the FreeType2 backend is enabled, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a 
crafted font file, related to the glyph box for an FT_Bitmap object." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=671122", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=671122" + }, + { + "name": "https://bugzilla.gnome.org/show_bug.cgi?id=639882", + "refsource": "MISC", + "url": "https://bugzilla.gnome.org/show_bug.cgi?id=639882" + }, + { + "name": "https://bugs.launchpad.net/ubuntu/+source/pango1.0/+bug/696616", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/ubuntu/+source/pango1.0/+bug/696616" + }, + { + "name": "1024994", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024994" + }, + { + "name": "pango-pango-bo(64832)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64832" + }, + { + "name": "SUSE-SR:2011:005", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html" + }, + { + "name": "[oss-security] 20110118 CVE request: heap corruption in libpango", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/01/18/6" + }, + { + "name": "70596", + "refsource": "OSVDB", + "url": "http://osvdb.org/70596" + }, + { + "name": "43100", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43100" + }, + { + "name": "RHSA-2011:0180", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0180.html" + }, + { + "name": "[oss-security] 20110120 Re: CVE request: heap corruption in libpango", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/01/20/2" + }, + { + "name": "ADV-2011-0186", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0186" + }, + { + "name": "42934", + "refsource": "SECUNIA", + "url": 
"http://secunia.com/advisories/42934" + }, + { + "name": "45842", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45842" + }, + { + "name": "ADV-2011-0238", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0238" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0073.json b/2011/0xxx/CVE-2011-0073.json index 113a1103369..92daacdf434 100644 --- a/2011/0xxx/CVE-2011-0073.json +++ b/2011/0xxx/CVE-2011-0073.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0073", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, does not properly use nsTreeRange data structures, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to a \"dangling pointer.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0073", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2011/mfsa2011-13.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2011/mfsa2011-13.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=630919", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=630919" - }, - { - "name" : "http://downloads.avaya.com/css/P8/documents/100134543", - "refsource" : "CONFIRM", - "url" : "http://downloads.avaya.com/css/P8/documents/100134543" - }, - { - "name" : "http://downloads.avaya.com/css/P8/documents/100144158", - "refsource" : "CONFIRM", - "url" : "http://downloads.avaya.com/css/P8/documents/100144158" - 
}, - { - "name" : "DSA-2227", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2227" - }, - { - "name" : "DSA-2228", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2228" - }, - { - "name" : "DSA-2235", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2235" - }, - { - "name" : "MDVSA-2011:079", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:079" - }, - { - "name" : "oval:org.mitre.oval:def:14020", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14020" - }, - { - "name" : "8310", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8310" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, does not properly use nsTreeRange data structures, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to a \"dangling pointer.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-2228", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2228" + }, + { + "name": "oval:org.mitre.oval:def:14020", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14020" + }, + { + "name": "MDVSA-2011:079", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:079" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=630919", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=630919" + }, + { + "name": 
"http://www.mozilla.org/security/announce/2011/mfsa2011-13.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2011/mfsa2011-13.html" + }, + { + "name": "DSA-2235", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2235" + }, + { + "name": "http://downloads.avaya.com/css/P8/documents/100134543", + "refsource": "CONFIRM", + "url": "http://downloads.avaya.com/css/P8/documents/100134543" + }, + { + "name": "DSA-2227", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2227" + }, + { + "name": "http://downloads.avaya.com/css/P8/documents/100144158", + "refsource": "CONFIRM", + "url": "http://downloads.avaya.com/css/P8/documents/100144158" + }, + { + "name": "8310", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8310" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0609.json b/2011/0xxx/CVE-2011-0609.json index 3dfac00693b..334a6d6c1be 100644 --- a/2011/0xxx/CVE-2011-0609.json +++ b/2011/0xxx/CVE-2011-0609.json 
@@ -1,167 +1,167 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0609", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Adobe Flash Player 10.2.154.13 and earlier on Windows, Mac OS X, Linux, and Solaris; 10.1.106.16 and earlier on Android; Adobe AIR 2.5.1 and earlier; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader and Acrobat 9.x through 9.4.2 and 10.x through 10.0.1 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content, as demonstrated by a .swf file embedded in an Excel spreadsheet, and as exploited in the wild in March 2011." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2011-0609", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2011/03/stable-and-beta-channel-updates_15.html", - "refsource" : "MISC", - "url" : "http://googlechromereleases.blogspot.com/2011/03/stable-and-beta-channel-updates_15.html" - }, - { - "name" : "http://blogs.adobe.com/asset/2011/03/background-on-apsa11-01-patch-schedule.html", - "refsource" : "CONFIRM", - "url" : "http://blogs.adobe.com/asset/2011/03/background-on-apsa11-01-patch-schedule.html" - }, - { - "name" : "http://www.adobe.com/support/security/advisories/apsa11-01.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/advisories/apsa11-01.html" - }, - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb11-06.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb11-06.html" - }, - { - "name" : "RHSA-2011:0372", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0372.html" - }, - { - "name" : "SUSE-SR:2011:005", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html" - }, - { - "name" : "VU#192052", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/192052" - }, - { - "name" : "46860", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46860" - }, - { - "name" : "oval:org.mitre.oval:def:14147", - "refsource" : "OVAL", - "url" : 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14147" - }, - { - "name" : "1025210", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025210" - }, - { - "name" : "1025211", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025211" - }, - { - "name" : "1025238", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025238" - }, - { - "name" : "43751", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43751" - }, - { - "name" : "43757", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43757" - }, - { - "name" : "43772", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43772" - }, - { - "name" : "43856", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43856" - }, - { - "name" : "8152", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8152" - }, - { - "name" : "ADV-2011-0655", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0655" - }, - { - "name" : "ADV-2011-0656", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0656" - }, - { - "name" : "ADV-2011-0688", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0688" - }, - { - "name" : "ADV-2011-0732", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0732" - }, - { - "name" : "adobe-flash-authplay-ce(66078)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66078" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Adobe Flash Player 10.2.154.13 and earlier on Windows, Mac OS X, Linux, and Solaris; 10.1.106.16 and earlier on Android; Adobe AIR 2.5.1 and earlier; and Authplay.dll (aka AuthPlayLib.bundle) 
in Adobe Reader and Acrobat 9.x through 9.4.2 and 10.x through 10.0.1 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content, as demonstrated by a .swf file embedded in an Excel spreadsheet, and as exploited in the wild in March 2011." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "46860", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46860" + }, + { + "name": "http://googlechromereleases.blogspot.com/2011/03/stable-and-beta-channel-updates_15.html", + "refsource": "MISC", + "url": "http://googlechromereleases.blogspot.com/2011/03/stable-and-beta-channel-updates_15.html" + }, + { + "name": "ADV-2011-0732", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0732" + }, + { + "name": "http://www.adobe.com/support/security/advisories/apsa11-01.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/advisories/apsa11-01.html" + }, + { + "name": "43751", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43751" + }, + { + "name": "oval:org.mitre.oval:def:14147", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14147" + }, + { + "name": "ADV-2011-0656", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0656" + }, + { + "name": "1025211", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025211" + }, + { + "name": "SUSE-SR:2011:005", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html" + }, + { + "name": "adobe-flash-authplay-ce(66078)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66078" + }, + { + "name": "ADV-2011-0655", + "refsource": 
"VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0655" + }, + { + "name": "1025210", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025210" + }, + { + "name": "43856", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43856" + }, + { + "name": "VU#192052", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/192052" + }, + { + "name": "43772", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43772" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb11-06.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb11-06.html" + }, + { + "name": "8152", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8152" + }, + { + "name": "1025238", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025238" + }, + { + "name": "http://blogs.adobe.com/asset/2011/03/background-on-apsa11-01-patch-schedule.html", + "refsource": "CONFIRM", + "url": "http://blogs.adobe.com/asset/2011/03/background-on-apsa11-01-patch-schedule.html" + }, + { + "name": "RHSA-2011:0372", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0372.html" + }, + { + "name": "43757", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43757" + }, + { + "name": "ADV-2011-0688", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0688" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0681.json b/2011/0xxx/CVE-2011-0681.json index 62c066c617a..d38c65ddfa8 100644 --- a/2011/0xxx/CVE-2011-0681.json +++ b/2011/0xxx/CVE-2011-0681.json 
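Review bot: The rewritten file ends with `\ No newline at end of file`, while the old side closed with `}` plus a newline, so the serializer dropped the trailing newline and should emit a final `\n`. The same marker closes the CVE-2011-0681, -0851, -1026, -1152, -1841, -1872, -4009 and -4105 hunks. Separately, `reference_data` holds the same 22 entries in a different order, which buries the one substantive edit in this record, `"ASSIGNER": "psirt@adobe.com"`. Writing references in a stable order (for example sorted by `refsource`, then `name`) would keep assigner and reference changes easy to audit in later bulk updates.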
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0681", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Cascading Style Sheets (CSS) Extensions for XML implementation in Opera before 11.01 recognizes links to javascript: URLs in the -o-link property, which makes it easier for remote attackers to bypass CSS filtering via a crafted URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0681", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.opera.com/docs/changelogs/mac/1101/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/mac/1101/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/unix/1101/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/unix/1101/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/windows/1101/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/windows/1101/" - }, - { - "name" : "46036", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46036" - }, - { - "name" : "70727", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/70727" - }, - { - "name" : 
"oval:org.mitre.oval:def:12045", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12045" - }, - { - "name" : "43023", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43023" - }, - { - "name" : "ADV-2011-0231", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0231" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Cascading Style Sheets (CSS) Extensions for XML implementation in Opera before 11.01 recognizes links to javascript: URLs in the -o-link property, which makes it easier for remote attackers to bypass CSS filtering via a crafted URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.opera.com/docs/changelogs/windows/1101/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/windows/1101/" + }, + { + "name": "ADV-2011-0231", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0231" + }, + { + "name": "http://www.opera.com/docs/changelogs/unix/1101/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/unix/1101/" + }, + { + "name": "46036", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46036" + }, + { + "name": "http://www.opera.com/docs/changelogs/mac/1101/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/mac/1101/" + }, + { + "name": "oval:org.mitre.oval:def:12045", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12045" + }, + { + "name": "70727", + "refsource": "OSVDB", + "url": "http://osvdb.org/70727" + }, + { + "name": "43023", + "refsource": "SECUNIA", + "url": 
"http://secunia.com/advisories/43023" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0851.json b/2011/0xxx/CVE-2011-0851.json index eb88186b370..79188557179 100644 --- a/2011/0xxx/CVE-2011-0851.json +++ b/2011/0xxx/CVE-2011-0851.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0851", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle PeopleSoft Enterprise ELS 9.0 Bundle #19 and 9.1 Bundle #5 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Enterprise Learning Mgmt." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2011-0851", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle PeopleSoft Enterprise ELS 9.0 Bundle #19 and 9.1 Bundle #5 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Enterprise Learning Mgmt." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1026.json b/2011/1xxx/CVE-2011-1026.json index 8871d5e2672..47b33d7c6dc 100644 --- a/2011/1xxx/CVE-2011-1026.json +++ b/2011/1xxx/CVE-2011-1026.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1026", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-1026", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110527 [SECURITY] CVE-2011-1026: Apache Archiva Multiple CSRF vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/518168/100/0/threaded" - }, - { - "name" : "20110531 [CVE-2011-1026] Apache Archiva Multiple CSRF vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0532.html" - }, - { - "name" : "http://archiva.apache.org/docs/1.3.5/release-notes.html", - "refsource" : "CONFIRM", - "url" : "http://archiva.apache.org/docs/1.3.5/release-notes.html" - }, - { - "name" : "http://archiva.apache.org/security.html", - "refsource" : "CONFIRM", - "url" : "http://archiva.apache.org/security.html" - }, - { - "name" : "48015", - 
"refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/48015" - }, - { - "name" : "44693", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44693" - }, - { - "name" : "8266", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8266" - }, - { - "name" : "archiva-multiple-csrf(67671)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67671" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8266", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8266" + }, + { + "name": "20110527 [SECURITY] CVE-2011-1026: Apache Archiva Multiple CSRF vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/518168/100/0/threaded" + }, + { + "name": "44693", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44693" + }, + { + "name": "archiva-multiple-csrf(67671)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67671" + }, + { + "name": "48015", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/48015" + }, + { + "name": "http://archiva.apache.org/security.html", + "refsource": "CONFIRM", + "url": "http://archiva.apache.org/security.html" + }, + { + "name": "20110531 [CVE-2011-1026] Apache Archiva Multiple CSRF vulnerabilities", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0532.html" + }, + { + "name": 
"http://archiva.apache.org/docs/1.3.5/release-notes.html", + "refsource": "CONFIRM", + "url": "http://archiva.apache.org/docs/1.3.5/release-notes.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1152.json b/2011/1xxx/CVE-2011-1152.json index 9cdace6c077..b290cbc3ab8 100644 --- a/2011/1xxx/CVE-2011-1152.json +++ b/2011/1xxx/CVE-2011-1152.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1152", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-3712. Reason: This candidate is a duplicate of CVE-2010-3712. Notes: All CVE users should reference CVE-2010-3712 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2011-1152", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-3712. Reason: This candidate is a duplicate of CVE-2010-3712. Notes: All CVE users should reference CVE-2010-3712 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1841.json b/2011/1xxx/CVE-2011-1841.json index 1e15d50e7f0..a4bc5a2ce14 100644 --- a/2011/1xxx/CVE-2011-1841.json +++ b/2011/1xxx/CVE-2011-1841.json 
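Review bot: The CVE-2011-1152 record is written with a different key order from the other records in this commit. Here `data_type`, `data_format` and `data_version` come first and `ID` precedes `ASSIGNER` inside `CVE_data_meta`, while the neighbouring files keep `CVE_data_meta` first with `ASSIGNER` before `ID`. JSON key order carries no meaning, but the mismatch suggests this REJECT record went through a different serialization path. Emitting keys in one fixed order for every record would keep bulk rewrites diffable and make unintended content changes easier to spot.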
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1841", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the link_to helper in Mojolicious before 1.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1841", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.20/Changes", - "refsource" : "CONFIRM", - "url" : "http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.20/Changes" - }, - { - "name" : "DSA-2239", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2239" - }, - { - "name" : "FEDORA-2011-6465", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060122.html" - }, - { - "name" : "47713", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47713" - }, - { - "name" : "mojolicious-linktohelper-xss(67257)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67257" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the link_to helper in Mojolicious before 1.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.20/Changes", + "refsource": "CONFIRM", + "url": "http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.20/Changes" + }, + { + "name": "mojolicious-linktohelper-xss(67257)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67257" + }, + { + "name": "47713", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47713" + }, + { + "name": "DSA-2239", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2239" + }, + { + "name": "FEDORA-2011-6465", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060122.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1872.json b/2011/1xxx/CVE-2011-1872.json index 619bc536847..bf4d94d379f 100644 --- a/2011/1xxx/CVE-2011-1872.json +++ b/2011/1xxx/CVE-2011-1872.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1872", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Hyper-V in Microsoft Windows Server 2008 Gold, SP2, R2, and R2 SP1 allows guest OS users to cause a denial of service (host OS infinite loop) via malformed machine instructions in a VMBus packet, aka \"VMBus Persistent DoS Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2011-1872", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS11-047", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-047" - }, - { - "name" : "48179", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/48179" - }, - { - "name" : "oval:org.mitre.oval:def:12650", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12650" - }, - { - "name" : "1025644", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025644" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "Hyper-V in Microsoft Windows Server 2008 Gold, SP2, R2, and R2 SP1 allows guest OS users to cause a denial of service (host OS infinite loop) via malformed machine instructions in a VMBus packet, aka \"VMBus Persistent DoS Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "48179", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/48179" + }, + { + "name": "oval:org.mitre.oval:def:12650", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12650" + }, + { + "name": "MS11-047", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-047" + }, + { + "name": "1025644", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025644" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4009.json b/2011/4xxx/CVE-2011-4009.json index 2fc30f19747..f59cfa6b56c 100644 --- a/2011/4xxx/CVE-2011-4009.json +++ b/2011/4xxx/CVE-2011-4009.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4009", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4009", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4105.json b/2011/4xxx/CVE-2011-4105.json index 6a2514edd1e..50b8b8f2367 100644 --- a/2011/4xxx/CVE-2011-4105.json +++ b/2011/4xxx/CVE-2011-4105.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4105", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "LightDM before 1.0.6 allows local users to change ownership of arbitrary files via a symlink attack on ~/.Xauthority." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-4105", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[LightDM] 20111102 Version 1.0.6 released", - "refsource" : "MLIST", - "url" : "http://lists.freedesktop.org/archives/lightdm/2011-November/000178.html" - }, - { - "name" : "[oss-security] 20111102 Re: Re: [LightDM] Version 1.0.6 released", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/11/02/9" - }, - { - "name" : "[oss-security] 20111102 Re: Re: [LightDM] Version 1.0.6 released", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/11/02/10" - }, - { - "name" : "[oss-security] 20111102 Re: [LightDM] Version 1.0.6 released", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/11/02/6" - }, - { - "name" : "USN-1262-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1262-1" - 
} - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "LightDM before 1.0.6 allows local users to change ownership of arbitrary files via a symlink attack on ~/.Xauthority." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-1262-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1262-1" + }, + { + "name": "[oss-security] 20111102 Re: Re: [LightDM] Version 1.0.6 released", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/11/02/9" + }, + { + "name": "[oss-security] 20111102 Re: Re: [LightDM] Version 1.0.6 released", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/11/02/10" + }, + { + "name": "[oss-security] 20111102 Re: [LightDM] Version 1.0.6 released", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/11/02/6" + }, + { + "name": "[LightDM] 20111102 Version 1.0.6 released", + "refsource": "MLIST", + "url": "http://lists.freedesktop.org/archives/lightdm/2011-November/000178.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4112.json b/2011/4xxx/CVE-2011-4112.json index 96b3ddbc525..e2613e285bf 100644 --- a/2011/4xxx/CVE-2011-4112.json +++ b/2011/4xxx/CVE-2011-4112.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4112", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The net subsystem in the Linux kernel before 3.1 does not properly restrict use of the IFF_TX_SKB_SHARING flag, which allows local users to cause a denial of service (panic) by leveraging the CAP_NET_ADMIN capability to access /proc/net/pktgen/pgctrl, and then using the pktgen package in conjunction with a bridge device for a VLAN interface." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-4112", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20111121 CVE-2011-4112 kernel: null ptr deref at dev_queue_xmit+0x35/0x4d0", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/11/21/4" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=550fd08c2cebad61c548def135f67aba284c6162", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=550fd08c2cebad61c548def135f67aba284c6162" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1", - "refsource" : 
"CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=751006", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=751006" - }, - { - "name" : "https://github.com/torvalds/linux/commit/550fd08c2cebad61c548def135f67aba284c6162", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/550fd08c2cebad61c548def135f67aba284c6162" - }, - { - "name" : "http://downloads.avaya.com/css/P8/documents/100156038", - "refsource" : "CONFIRM", - "url" : "http://downloads.avaya.com/css/P8/documents/100156038" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The net subsystem in the Linux kernel before 3.1 does not properly restrict use of the IFF_TX_SKB_SHARING flag, which allows local users to cause a denial of service (panic) by leveraging the CAP_NET_ADMIN capability to access /proc/net/pktgen/pgctrl, and then using the pktgen package in conjunction with a bridge device for a VLAN interface." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=751006", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=751006" + }, + { + "name": "https://github.com/torvalds/linux/commit/550fd08c2cebad61c548def135f67aba284c6162", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/550fd08c2cebad61c548def135f67aba284c6162" + }, + { + "name": "http://downloads.avaya.com/css/P8/documents/100156038", + "refsource": "CONFIRM", + "url": "http://downloads.avaya.com/css/P8/documents/100156038" + }, + { + "name": "[oss-security] 20111121 CVE-2011-4112 kernel: null ptr deref at dev_queue_xmit+0x35/0x4d0", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/11/21/4" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=550fd08c2cebad61c548def135f67aba284c6162", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=550fd08c2cebad61c548def135f67aba284c6162" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4416.json b/2011/4xxx/CVE-2011-4416.json index 1f98f1dd75d..9e520876de8 100644 --- a/2011/4xxx/CVE-2011-4416.json +++ b/2011/4xxx/CVE-2011-4416.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4416", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2011-4416", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5099.json b/2011/5xxx/CVE-2011-5099.json index fcd6dcaf8f3..6c25f2c5d88 100644 --- a/2011/5xxx/CVE-2011-5099.json +++ b/2011/5xxx/CVE-2011-5099.json 
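Review bot: The new side of the CVE-2011-4416 record uses a different key order from the other rewritten files in this part of the diff. Here `data_type`, `data_format` and `data_version` come before `CVE_data_meta`, and `ID` comes before `ASSIGNER`, whereas the other files keep their keys in alphabetical order. This file presumably went through a different serializer. Writing every record with one sorted-key serializer would limit later diffs to real content changes and keep any hash computed over the files stable. The new side also ends with `\ No newline at end of file`, as in the other hunks shown here, so the trailing newline should be restored.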
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5099", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in helper/popup.php in the ccNewsletter (mod_ccnewsletter) component 1.0.7 through 1.0.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5099", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/files/112092/Joomla-CCNewsLetter-1.0.7-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/files/112092/Joomla-CCNewsLetter-1.0.7-SQL-Injection.html" - }, - { - "name" : "http://www.chillcreations.com/blog/5-ccnewsletter-joomla-newsletter/274-ccnewsletter-1010-security-release.html", - "refsource" : "CONFIRM", - "url" : "http://www.chillcreations.com/blog/5-ccnewsletter-joomla-newsletter/274-ccnewsletter-1010-security-release.html" - }, - { - "name" : "53208", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53208" - }, - { - "name" : "48934", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48934" - }, - { - 
"name" : "modccnewsletter-popup-sql-injection(75112)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75112" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in helper/popup.php in the ccNewsletter (mod_ccnewsletter) component 1.0.7 through 1.0.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "modccnewsletter-popup-sql-injection(75112)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75112" + }, + { + "name": "53208", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53208" + }, + { + "name": "http://packetstormsecurity.org/files/112092/Joomla-CCNewsLetter-1.0.7-SQL-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/files/112092/Joomla-CCNewsLetter-1.0.7-SQL-Injection.html" + }, + { + "name": "http://www.chillcreations.com/blog/5-ccnewsletter-joomla-newsletter/274-ccnewsletter-1010-security-release.html", + "refsource": "CONFIRM", + "url": "http://www.chillcreations.com/blog/5-ccnewsletter-joomla-newsletter/274-ccnewsletter-1010-security-release.html" + }, + { + "name": "48934", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48934" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5111.json b/2011/5xxx/CVE-2011-5111.json index 954c9558c12..d1e3110b7c3 100644 --- a/2011/5xxx/CVE-2011-5111.json +++ b/2011/5xxx/CVE-2011-5111.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5111", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Kajian Website CMS Balitbang 3.x allow remote attackers to execute arbitrary SQL commands via the hal parameter to (1) the data module in alumni.php; or the (2) lih_buku, (3) artikel, (4) album, or (5) berita module in index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5111", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/files/view/107254/cmsbalitbang-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/files/view/107254/cmsbalitbang-sql.txt" - }, - { - "name" : "50797", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/50797" - }, - { - "name" : "balitbang-hal-sql-injection(71466)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71466" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Kajian 
Website CMS Balitbang 3.x allow remote attackers to execute arbitrary SQL commands via the hal parameter to (1) the data module in alumni.php; or the (2) lih_buku, (3) artikel, (4) album, or (5) berita module in index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "50797", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/50797" + }, + { + "name": "http://packetstormsecurity.org/files/view/107254/cmsbalitbang-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/files/view/107254/cmsbalitbang-sql.txt" + }, + { + "name": "balitbang-hal-sql-injection(71466)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71466" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2006.json b/2014/2xxx/CVE-2014-2006.json index 77fc82049e0..c925f395b08 100644 --- a/2014/2xxx/CVE-2014-2006.json +++ b/2014/2xxx/CVE-2014-2006.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2006", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Intercom Web Kyukincho 3.x before 3.0.030 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2014-2006", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://jvn.jp/en/jp/JVN80006084/995199/index.html", - "refsource" : "CONFIRM", - "url" : "http://jvn.jp/en/jp/JVN80006084/995199/index.html" - }, - { - "name" : "JVN#80006084", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN80006084/index.html" - }, - { - "name" : "JVNDB-2014-000063", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000063" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Intercom Web Kyukincho 3.x before 3.0.030 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://jvn.jp/en/jp/JVN80006084/995199/index.html", + "refsource": "CONFIRM", + "url": "http://jvn.jp/en/jp/JVN80006084/995199/index.html" + }, + { + "name": "JVNDB-2014-000063", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000063" + }, + { + "name": "JVN#80006084", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN80006084/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2606.json b/2014/2xxx/CVE-2014-2606.json index 788efbeb616..3b036f35455 100644 --- a/2014/2xxx/CVE-2014-2606.json +++ b/2014/2xxx/CVE-2014-2606.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2606", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in HP StoreVirtual 4000 Storage and StoreVirtual VSA 9.5 through 11.0 allows remote authenticated users to gain privileges via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2014-2606", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBST03039", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04281279" - }, - { - "name" : "SSRT101457", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04281279" - }, - { - "name" : "68542", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68542" - }, - { - "name" : "1030567", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030567" - }, - { - "name" : "hp-storevirtual-cve20142606-priv-esc(94496)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94496" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in HP StoreVirtual 4000 Storage and StoreVirtual VSA 9.5 through 11.0 allows remote authenticated users to gain privileges via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "68542", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68542" + }, + { + "name": "1030567", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030567" + }, + { + "name": "HPSBST03039", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04281279" + }, + { + "name": "hp-storevirtual-cve20142606-priv-esc(94496)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94496" + }, + { + "name": "SSRT101457", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04281279" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2725.json b/2014/2xxx/CVE-2014-2725.json index c9ec28df38e..03503b41af5 100644 --- a/2014/2xxx/CVE-2014-2725.json +++ b/2014/2xxx/CVE-2014-2725.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2725", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2725", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2884.json b/2014/2xxx/CVE-2014-2884.json index e712d9a310c..bc33162a1c6 100644 --- a/2014/2xxx/CVE-2014-2884.json +++ b/2014/2xxx/CVE-2014-2884.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2884", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ProcessVolumeDeviceControlIrp function in Ntdriver.c in TrueCrypt 7.1a allows local users to bypass access restrictions and obtain sensitive information about arbitrary files via a (1) TC_IOCTL_OPEN_TEST or (2) TC_IOCTL_GET_SYSTEM_DRIVE_CONFIG IOCTL call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-2884", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140417 Re: TrueCrypt audit report", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/04/17/7" - }, - { - "name" : "https://opencryptoaudit.org/reports/iSec_Final_Open_Crypto_Audit_Project_TrueCrypt_Security_Assessment.pdf", - "refsource" : "MISC", - "url" : "https://opencryptoaudit.org/reports/iSec_Final_Open_Crypto_Audit_Project_TrueCrypt_Security_Assessment.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ProcessVolumeDeviceControlIrp function in Ntdriver.c in TrueCrypt 
7.1a allows local users to bypass access restrictions and obtain sensitive information about arbitrary files via a (1) TC_IOCTL_OPEN_TEST or (2) TC_IOCTL_GET_SYSTEM_DRIVE_CONFIG IOCTL call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://opencryptoaudit.org/reports/iSec_Final_Open_Crypto_Audit_Project_TrueCrypt_Security_Assessment.pdf", + "refsource": "MISC", + "url": "https://opencryptoaudit.org/reports/iSec_Final_Open_Crypto_Audit_Project_TrueCrypt_Security_Assessment.pdf" + }, + { + "name": "[oss-security] 20140417 Re: TrueCrypt audit report", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/04/17/7" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3248.json b/2014/3xxx/CVE-2014-3248.json index 8b685b17380..a87f915f0f7 100644 --- a/2014/3xxx/CVE-2014-3248.json +++ b/2014/3xxx/CVE-2014-3248.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3248", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, or (6) safe_yaml/deep.so; or (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, or (10) osfamily.so in puppet/confine." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3248", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet/", - "refsource" : "MISC", - "url" : "http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet/" - }, - { - "name" : "http://puppetlabs.com/security/cve/cve-2014-3248", - "refsource" : "CONFIRM", - "url" : "http://puppetlabs.com/security/cve/cve-2014-3248" - }, - { - "name" : "68035", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68035" - }, - { - "name" : "59197", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59197" - }, - { - "name" : "59200", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59200" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, or (6) safe_yaml/deep.so; or (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, or (10) osfamily.so in puppet/confine." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://puppetlabs.com/security/cve/cve-2014-3248", + "refsource": "CONFIRM", + "url": "http://puppetlabs.com/security/cve/cve-2014-3248" + }, + { + "name": "59197", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59197" + }, + { + "name": "59200", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59200" + }, + { + "name": "http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet/", + "refsource": "MISC", + "url": "http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet/" + }, + { + "name": "68035", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68035" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3269.json b/2014/3xxx/CVE-2014-3269.json index 902a2064cbc..c50e32cf23a 100644 --- a/2014/3xxx/CVE-2014-3269.json +++ b/2014/3xxx/CVE-2014-3269.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3269", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SNMP module in Cisco IOS XE 3.5E allows remote authenticated users to cause a denial of service (device reload) by polling frequently, aka Bug ID CSCug65204." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-3269", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=34268", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=34268" - }, - { - "name" : "20140516 Cisco IOS XE Software SNMP Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3269" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SNMP module in Cisco IOS XE 3.5E allows remote authenticated users to cause a denial of service (device reload) by polling frequently, aka Bug ID CSCug65204." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20140516 Cisco IOS XE Software SNMP Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3269" + }, + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34268", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34268" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3938.json b/2014/3xxx/CVE-2014-3938.json index 3d872fd5b4b..9230e426d63 100644 --- a/2014/3xxx/CVE-2014-3938.json +++ b/2014/3xxx/CVE-2014-3938.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3938", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in Autodesk SketchBook Pro before 6.2.6 allows remote attackers to execute arbitrary code via crafted layer mask data in a PSD file, which triggers a heap-based buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3938", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://secunia.com/secunia_research/2014-6/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2014-6/" - }, - { - "name" : "58000", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/58000" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in Autodesk SketchBook Pro before 6.2.6 allows remote attackers to execute arbitrary code via crafted layer mask data in a PSD file, which triggers a heap-based buffer overflow." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://secunia.com/secunia_research/2014-6/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2014-6/" + }, + { + "name": "58000", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/58000" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6298.json b/2014/6xxx/CVE-2014-6298.json index 64344ef9d79..7624e44da81 100644 --- a/2014/6xxx/CVE-2014-6298.json +++ b/2014/6xxx/CVE-2014-6298.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6298", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unrestricted file upload vulnerability in the mm_forum extension before 1.9.3 for TYPO3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-6298", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-001/", - "refsource" : "MISC", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-001/" - }, - { - "name" : "http://typo3.org/extensions/repository/view/mm_forum", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/extensions/repository/view/mm_forum" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unrestricted file upload vulnerability in the mm_forum extension before 1.9.3 for TYPO3 allows remote attackers to execute arbitrary 
code by uploading a file with an executable extension, then accessing it via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://typo3.org/extensions/repository/view/mm_forum", + "refsource": "CONFIRM", + "url": "http://typo3.org/extensions/repository/view/mm_forum" + }, + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-001/", + "refsource": "MISC", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-001/" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6402.json b/2014/6xxx/CVE-2014-6402.json index 309a92b8477..702d834ab22 100644 --- a/2014/6xxx/CVE-2014-6402.json +++ b/2014/6xxx/CVE-2014-6402.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6402", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-6402", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2014/6xxx/CVE-2014-6852.json b/2014/6xxx/CVE-2014-6852.json
index 126e426a4bf..99d04bab16b 100644
--- a/2014/6xxx/CVE-2014-6852.json
+++ b/2014/6xxx/CVE-2014-6852.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6852", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The LedLine.gr Official (aka com.automon.ledline.gr) application 1.4.0.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6852", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#943473", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/943473" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The LedLine.gr Official (aka 
com.automon.ledline.gr) application 1.4.0.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + }, + { + "name": "VU#943473", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/943473" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7182.json b/2014/7xxx/CVE-2014-7182.json index 5a094cc148b..49edc1c0cd9 100644 --- a/2014/7xxx/CVE-2014-7182.json +++ b/2014/7xxx/CVE-2014-7182.json 
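Review bot: The one substantive edit in this hunk, `"ASSIGNER": "cert@cert.org",` replacing `cve@mitre.org`, is buried in a whole-file re-indent, so anyone auditing CNA attribution has to read every line to find it; landing the formatting pass and the assigner change separately would make it easier to verify. The same applies to the hunks for CVE-2014-7398, CVE-2014-7576, CVE-2014-7701 and CVE-2014-7768 (also `cert@cert.org`), CVE-2014-7821 (`secalert@redhat.com`) and CVE-2016-2912 (`psirt@us.ibm.com`). The new `reference_data` order does not look like a sort: here the MISC URL sits between the two CERT-VN entries, while in CVE-2014-7576 it comes last, so later rewrites will presumably keep producing reorder-only churn unless a fixed sort key is used. The new side also ends with `\ No newline at end of file`, where the old file ended with a newline.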
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7182", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the WP Google Maps plugin before 6.0.27 for WordPress allow remote attackers to inject arbitrary web script or HTML via the poly_id parameter in an (1) edit_poly, (2) edit_polyline, or (3) edit_marker action in the wp-google-maps-menu page to wp-admin/admin.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-7182", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141015 Multiple Cross-Site Scripting (XSS) in WP Google Maps WordPress Plugin", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/533699/100/0/threaded" - }, - { - "name" : "http://packetstormsecurity.com/files/128694/WordPress-WP-Google-Maps-6.0.26-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/128694/WordPress-WP-Google-Maps-6.0.26-Cross-Site-Scripting.html" - }, - { - "name" : "https://www.htbridge.com/advisory/HTB23236", - "refsource" : "MISC", - "url" : "https://www.htbridge.com/advisory/HTB23236" - }, - { - "name" : 
"https://wordpress.org/plugins/wp-google-maps/changelog", - "refsource" : "CONFIRM", - "url" : "https://wordpress.org/plugins/wp-google-maps/changelog" - }, - { - "name" : "70597", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70597" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the WP Google Maps plugin before 6.0.27 for WordPress allow remote attackers to inject arbitrary web script or HTML via the poly_id parameter in an (1) edit_poly, (2) edit_polyline, or (3) edit_marker action in the wp-google-maps-menu page to wp-admin/admin.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wordpress.org/plugins/wp-google-maps/changelog", + "refsource": "CONFIRM", + "url": "https://wordpress.org/plugins/wp-google-maps/changelog" + }, + { + "name": "20141015 Multiple Cross-Site Scripting (XSS) in WP Google Maps WordPress Plugin", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/533699/100/0/threaded" + }, + { + "name": "70597", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70597" + }, + { + "name": "http://packetstormsecurity.com/files/128694/WordPress-WP-Google-Maps-6.0.26-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/128694/WordPress-WP-Google-Maps-6.0.26-Cross-Site-Scripting.html" + }, + { + "name": "https://www.htbridge.com/advisory/HTB23236", + "refsource": "MISC", + "url": "https://www.htbridge.com/advisory/HTB23236" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7398.json b/2014/7xxx/CVE-2014-7398.json index f8b858d478d..97f71d815b0 100644 --- a/2014/7xxx/CVE-2014-7398.json 
+++ b/2014/7xxx/CVE-2014-7398.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7398", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Dil Bilgisi Kurallari (aka com.buronya.dilbilgisi) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7398", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#674985", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/674985" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Dil Bilgisi Kurallari (aka 
com.buronya.dilbilgisi) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + }, + { + "name": "VU#674985", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/674985" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7576.json b/2014/7xxx/CVE-2014-7576.json index 75628f406cc..d9cfceb66da 100644 --- a/2014/7xxx/CVE-2014-7576.json +++ b/2014/7xxx/CVE-2014-7576.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7576", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Chien Binh Bakugan 2 LongTieng (aka com.htv.chien.binh.bakugan.ii.hanh.trinh.moi.long.tieng) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7576", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#105097", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/105097" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"The Chien Binh Bakugan 2 LongTieng (aka com.htv.chien.binh.bakugan.ii.hanh.trinh.moi.long.tieng) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#105097", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/105097" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7701.json b/2014/7xxx/CVE-2014-7701.json index 481cdbc2f6d..82145f94276 100644 --- a/2014/7xxx/CVE-2014-7701.json +++ b/2014/7xxx/CVE-2014-7701.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7701", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The DoNotTrackMe - Mobile Privacy (aka com.abine.dnt) application 1.1.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7701", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#881345", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/881345" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The DoNotTrackMe - Mobile Privacy (aka 
com.abine.dnt) application 1.1.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + }, + { + "name": "VU#881345", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/881345" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7768.json b/2014/7xxx/CVE-2014-7768.json index 5f8d60ee43c..1c2936648bf 100644 --- a/2014/7xxx/CVE-2014-7768.json +++ b/2014/7xxx/CVE-2014-7768.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7768", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Analects of Confucius (aka com.azbc88881.lunyu) application 8.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7768", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#623329", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/623329" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Analects of Confucius (aka 
com.azbc88881.lunyu) application 8.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#623329", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/623329" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7821.json b/2014/7xxx/CVE-2014-7821.json index 0b2dea78044..6e49b850d73 100644 --- a/2014/7xxx/CVE-2014-7821.json +++ b/2014/7xxx/CVE-2014-7821.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7821", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OpenStack Neutron before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (crash) via a crafted dns_nameservers value in the DNS configuration." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-7821", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[openstack-announce] 20141119 [OSSA 2014-039] Neutron DoS through invalid DNS configuration (CVE-2014-7821)", - "refsource" : "MLIST", - "url" : "http://lists.openstack.org/pipermail/openstack-announce/2014-November/000303.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" - }, - { - "name" : "https://bugs.launchpad.net/neutron/+bug/1378450", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/neutron/+bug/1378450" - }, - { - "name" : "FEDORA-2015-5997", - "refsource" : "FEDORA", - "url" : 
"http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155351.html" - }, - { - "name" : "RHSA-2014:1938", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1938.html" - }, - { - "name" : "RHSA-2014:1942", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1942.html" - }, - { - "name" : "RHSA-2015:0044", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0044.html" - }, - { - "name" : "62586", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62586" - }, - { - "name" : "neutron-cve20147821-dos(98818)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98818" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OpenStack Neutron before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (crash) via a crafted dns_nameservers value in the DNS configuration." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2014:1938", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1938.html" + }, + { + "name": "neutron-cve20147821-dos(98818)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98818" + }, + { + "name": "RHSA-2015:0044", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0044.html" + }, + { + "name": "FEDORA-2015-5997", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155351.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" + }, + { + "name": "[openstack-announce] 20141119 [OSSA 2014-039] Neutron DoS through invalid DNS configuration (CVE-2014-7821)", + "refsource": "MLIST", + "url": "http://lists.openstack.org/pipermail/openstack-announce/2014-November/000303.html" + }, + { + "name": "RHSA-2014:1942", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1942.html" + }, + { + "name": "62586", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62586" + }, + { + "name": "https://bugs.launchpad.net/neutron/+bug/1378450", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/neutron/+bug/1378450" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2912.json b/2016/2xxx/CVE-2016-2912.json index 416c2bc3772..c768ee3de19 100644 --- a/2016/2xxx/CVE-2016-2912.json +++ b/2016/2xxx/CVE-2016-2912.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2912", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Document Builder in IBM Rational Publishing Engine (aka RPENG) 2.0.1 before ifix002 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-2912", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21988263", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21988263" - }, - { - "name" : "92335", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92335" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Document Builder in IBM Rational Publishing Engine (aka RPENG) 2.0.1 before ifix002 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21988263", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21988263" + }, + { + "name": "92335", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92335" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0376.json b/2017/0xxx/CVE-2017-0376.json index 46a53832ebb..3afe4ece8dd 100644 --- a/2017/0xxx/CVE-2017-0376.json +++ b/2017/0xxx/CVE-2017-0376.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@debian.org", - "ID" : "CVE-2017-0376", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Tor before 0.3.0.8", - "version" : { - "version_data" : [ - { - "version_value" : "Tor before 0.3.0.8" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The hidden-service feature in Tor before 0.3.0.8 allows a denial of service (assertion failure and daemon exit) in the connection_edge_process_relay_cell function via a BEGIN_DIR cell on a rendezvous circuit." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "reachable assertion" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2017-0376", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Tor before 0.3.0.8", + "version": { + "version_data": [ + { + "version_value": "Tor before 0.3.0.8" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/torproject/tor/commit/56a7c5bc15e0447203a491c1ee37de9939ad1dcd", - "refsource" : "CONFIRM", - "url" : "https://github.com/torproject/tor/commit/56a7c5bc15e0447203a491c1ee37de9939ad1dcd" - }, - { - "name" : "https://lists.torproject.org/pipermail/tor-announce/2017-June/000131.html", - "refsource" : "CONFIRM", - "url" : "https://lists.torproject.org/pipermail/tor-announce/2017-June/000131.html" - }, - { - "name" : "https://trac.torproject.org/projects/tor/ticket/22494", - "refsource" : "CONFIRM", - "url" : "https://trac.torproject.org/projects/tor/ticket/22494" - }, - { - "name" : "DSA-3877", - "refsource" 
: "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3877" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The hidden-service feature in Tor before 0.3.0.8 allows a denial of service (assertion failure and daemon exit) in the connection_edge_process_relay_cell function via a BEGIN_DIR cell on a rendezvous circuit." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "reachable assertion" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://lists.torproject.org/pipermail/tor-announce/2017-June/000131.html", + "refsource": "CONFIRM", + "url": "https://lists.torproject.org/pipermail/tor-announce/2017-June/000131.html" + }, + { + "name": "DSA-3877", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3877" + }, + { + "name": "https://trac.torproject.org/projects/tor/ticket/22494", + "refsource": "CONFIRM", + "url": "https://trac.torproject.org/projects/tor/ticket/22494" + }, + { + "name": "https://github.com/torproject/tor/commit/56a7c5bc15e0447203a491c1ee37de9939ad1dcd", + "refsource": "CONFIRM", + "url": "https://github.com/torproject/tor/commit/56a7c5bc15e0447203a491c1ee37de9939ad1dcd" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18002.json b/2017/18xxx/CVE-2017-18002.json index 3a17a102eef..8718a656a92 100644 --- a/2017/18xxx/CVE-2017-18002.json +++ b/2017/18xxx/CVE-2017-18002.json 
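Review bot: The `reference_data` array for CVE-2017-0376 comes back in a different order (the tor-announce link first, the GitHub commit last) with no entry added or removed, and the new order is not sorted by `name`, `refsource` or `url`. The same shuffle appears in the hunks for CVE-2017-1356, CVE-2017-1372, CVE-2017-5439, CVE-2017-5450 and CVE-2017-5567. Array order carries no meaning here, but an unstable serialisation makes it hard to confirm that a bulk reformat dropped or altered no reference, and it churns any downstream that diffs or hashes these records. Emitting references in a deterministic order (for example sorted by `url`) would keep future diffs reviewable. Every hunk visible here also drops the file's final newline (`\ No newline at end of file` after the closing `}`), which the serializer should write back.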
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-18002", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-18002", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1334.json b/2017/1xxx/CVE-2017-1334.json index 75f1e096073..a07c23513bb 100644 --- a/2017/1xxx/CVE-2017-1334.json +++ b/2017/1xxx/CVE-2017-1334.json 
@@ -1,109 +1,109 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2017-09-27T00:00:00", - "ID" : "CVE-2017-1334", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Rational Engineering Lifecycle Manager", - "version" : { - "version_data" : [ - { - "version_value" : "4.0.3" - }, - { - "version_value" : "4.0.4" - }, - { - "version_value" : "4.0.5" - }, - { - "version_value" : "4.0.6" - }, - { - "version_value" : "5.0" - }, - { - "version_value" : "4.0.7" - }, - { - "version_value" : "5.0.1" - }, - { - "version_value" : "5.0.2" - }, - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "6.0.2" - }, - { - "version_value" : "6.0.3" - }, - { - "version_value" : "6.0.4" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126242." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2017-09-27T00:00:00", + "ID": "CVE-2017-1334", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Rational Engineering Lifecycle Manager", + "version": { + "version_data": [ + { + "version_value": "4.0.3" + }, + { + "version_value": "4.0.4" + }, + { + "version_value": "4.0.5" + }, + { + "version_value": "4.0.6" + }, + { + "version_value": "5.0" + }, + { + "version_value": "4.0.7" + }, + { + "version_value": "5.0.1" + }, + { + "version_value": "5.0.2" + }, + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "6.0.2" + }, + { + "version_value": "6.0.3" + }, + { + "version_value": "6.0.4" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/126242", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/126242" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22008785", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22008785" - }, - { - "name" : "101062", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101062" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126242." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126242", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126242" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22008785", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22008785" + }, + { + "name": "101062", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101062" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1356.json b/2017/1xxx/CVE-2017-1356.json index 2debcca1ae9..021e4a068a1 100644 --- a/2017/1xxx/CVE-2017-1356.json +++ b/2017/1xxx/CVE-2017-1356.json 
@@ -1,85 +1,85 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2017-07-14T00:00:00", - "ID" : "CVE-2017-1356", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Atlas eDiscovery Process Management", - "version" : { - "version_data" : [ - { - "version_value" : "6.0.3" - }, - { - "version_value" : "6.0.3.2" - }, - { - "version_value" : "6.0.3.3" - }, - { - "version_value" : "6.0.3.4" - }, - { - "version_value" : "6.0.3.5" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Atlas eDiscovery Process Management 6.0.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 126683." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Data Manipulation" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2017-07-14T00:00:00", + "ID": "CVE-2017-1356", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Atlas eDiscovery Process Management", + "version": { + "version_data": [ + { + "version_value": "6.0.3" + }, + { + "version_value": "6.0.3.2" + }, + { + "version_value": "6.0.3.3" + }, + { + "version_value": "6.0.3.4" + }, + { + "version_value": "6.0.3.5" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/126683", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/126683" - }, - { - "name" : "https://www.ibm.com/support/docview.wss?uid=swg22005835", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/docview.wss?uid=swg22005835" - }, - { - "name" : "102033", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102033" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Atlas eDiscovery Process Management 6.0.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 126683." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Data Manipulation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.ibm.com/support/docview.wss?uid=swg22005835", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/docview.wss?uid=swg22005835" + }, + { + "name": "102033", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102033" + }, + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126683", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126683" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1372.json b/2017/1xxx/CVE-2017-1372.json index 845757de0ff..e50977d0997 100644 --- a/2017/1xxx/CVE-2017-1372.json +++ b/2017/1xxx/CVE-2017-1372.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2017-07-17T00:00:00", - "ID" : "CVE-2017-1372", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "TRIRIGA Application Platform", - "version" : { - "version_data" : [ - { - "version_value" : "3.3" - }, - { - "version_value" : "3.3.1" - }, - { - "version_value" : "3.3.2" - }, - { - "version_value" : "3.4" - }, - { - "version_value" : "3.4.1" - }, - { - "version_value" : "3.4.2" - }, - { - "version_value" : "3.5" - }, - { - "version_value" : "3.5.1" - }, - { - "version_value" : "3.5.2" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126865." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2017-07-17T00:00:00", + "ID": "CVE-2017-1372", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "TRIRIGA Application Platform", + "version": { + "version_data": [ + { + "version_value": "3.3" + }, + { + "version_value": "3.3.1" + }, + { + "version_value": "3.3.2" + }, + { + "version_value": "3.4" + }, + { + "version_value": "3.4.1" + }, + { + "version_value": "3.4.2" + }, + { + "version_value": "3.5" + }, + { + "version_value": "3.5.1" + }, + { + "version_value": "3.5.2" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/126865", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/126865" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22004675", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22004675" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126865." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22004675", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22004675" + }, + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126865", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126865" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5439.json b/2017/5xxx/CVE-2017-5439.json index 8b845180c9f..5cb757ea4c2 100644 --- a/2017/5xxx/CVE-2017-5439.json +++ b/2017/5xxx/CVE-2017-5439.json 
@@ -1,144 +1,144 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2017-5439", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Thunderbird", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "52.1" - } - ] - } - }, - { - "product_name" : "Firefox ESR", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "45.9" - }, - { - "version_affected" : "<", - "version_value" : "52.1" - } - ] - } - }, - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "53" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A use-after-free vulnerability during XSLT processing due to poor handling of template parameters. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use-after-free in nsTArray Length() during XSLT processing" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2017-5439", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "52.1" + } + ] + } + }, + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "45.9" + }, + { + "version_affected": "<", + "version_value": "52.1" + } + ] + } + }, + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "53" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1336830", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1336830" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-10/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-10/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-11/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-11/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-12/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-12/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-13/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-13/" - }, - { - "name" : "DSA-3831", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-3831" - }, - { - "name" : "RHSA-2017:1104", - 
"refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1104" - }, - { - "name" : "RHSA-2017:1106", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1106" - }, - { - "name" : "RHSA-2017:1201", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1201" - }, - { - "name" : "103053", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103053" - }, - { - "name" : "97940", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97940" - }, - { - "name" : "1038320", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038320" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A use-after-free vulnerability during XSLT processing due to poor handling of template parameters. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use-after-free in nsTArray Length() during XSLT processing" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1336830", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1336830" + }, + { + "name": "RHSA-2017:1106", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1106" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-12/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-12/" + }, + { + "name": "103053", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103053" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-11/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-11/" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-10/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-10/" + }, + { + "name": "97940", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97940" + }, + { + "name": "DSA-3831", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-3831" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-13/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-13/" + }, + { + "name": "1038320", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038320" + }, + { + "name": "RHSA-2017:1104", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1104" + }, + { + "name": "RHSA-2017:1201", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1201" + } + ] + } +} \ No newline at end of file 
diff --git a/2017/5xxx/CVE-2017-5450.json b/2017/5xxx/CVE-2017-5450.json index 19192d21d86..8400a6cbfee 100644 --- a/2017/5xxx/CVE-2017-5450.json +++ b/2017/5xxx/CVE-2017-5450.json 
@@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2017-5450", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "53" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A mechanism to spoof the Firefox for Android addressbar using a \"javascript:\" URI. On Firefox for Android, the base domain is parsed incorrectly, making the resulting location less visibly a spoofed site and showing an incorrect domain in appended notifications. This vulnerability affects Firefox < 53." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Addressbar spoofing using javascript: URI on Firefox for Android" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2017-5450", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "53" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1325955", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1325955" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-10/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-10/" - }, - { - "name" : "97940", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97940" - }, - { - "name" : "1038320", - "refsource" : 
"SECTRACK", - "url" : "http://www.securitytracker.com/id/1038320" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A mechanism to spoof the Firefox for Android addressbar using a \"javascript:\" URI. On Firefox for Android, the base domain is parsed incorrectly, making the resulting location less visibly a spoofed site and showing an incorrect domain in appended notifications. This vulnerability affects Firefox < 53." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Addressbar spoofing using javascript: URI on Firefox for Android" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-10/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-10/" + }, + { + "name": "97940", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97940" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1325955", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1325955" + }, + { + "name": "1038320", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038320" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5567.json b/2017/5xxx/CVE-2017-5567.json index 30e2061eec3..7ebb1637461 100644 --- a/2017/5xxx/CVE-2017-5567.json +++ b/2017/5xxx/CVE-2017-5567.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5567", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Code injection vulnerability in Avast Premier 12.3 (and earlier), Internet Security 12.3 (and earlier), Pro Antivirus 12.3 (and earlier), and Free Antivirus 12.3 (and earlier) allows a local attacker to bypass a self-protection mechanism, inject arbitrary code, and take full control of any Avast process via a \"DoubleAgent\" attack. One perspective on this issue is that (1) these products do not use the Protected Processes feature, and therefore an attacker can enter an arbitrary Application Verifier Provider DLL under Image File Execution Options in the registry; (2) the self-protection mechanism is intended to block all local processes (regardless of privileges) from modifying Image File Execution Options for these products; and (3) this mechanism can be bypassed by an attacker who temporarily renames Image File Execution Options during the attack." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5567", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://cybellum.com/doubleagent-taking-full-control-antivirus/", - "refsource" : "MISC", - "url" : "http://cybellum.com/doubleagent-taking-full-control-antivirus/" - }, - { - "name" : "http://cybellum.com/doubleagentzero-day-code-injection-and-persistence-technique/", - "refsource" : "MISC", - "url" : "http://cybellum.com/doubleagentzero-day-code-injection-and-persistence-technique/" - }, - { - "name" : "97017", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97017" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Code injection vulnerability in Avast Premier 12.3 (and earlier), Internet Security 12.3 (and earlier), Pro Antivirus 12.3 (and earlier), and Free Antivirus 12.3 (and earlier) allows a local attacker to bypass a self-protection mechanism, inject arbitrary code, and take full control of any Avast process via a \"DoubleAgent\" attack. 
One perspective on this issue is that (1) these products do not use the Protected Processes feature, and therefore an attacker can enter an arbitrary Application Verifier Provider DLL under Image File Execution Options in the registry; (2) the self-protection mechanism is intended to block all local processes (regardless of privileges) from modifying Image File Execution Options for these products; and (3) this mechanism can be bypassed by an attacker who temporarily renames Image File Execution Options during the attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://cybellum.com/doubleagent-taking-full-control-antivirus/", + "refsource": "MISC", + "url": "http://cybellum.com/doubleagent-taking-full-control-antivirus/" + }, + { + "name": "97017", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97017" + }, + { + "name": "http://cybellum.com/doubleagentzero-day-code-injection-and-persistence-technique/", + "refsource": "MISC", + "url": "http://cybellum.com/doubleagentzero-day-code-injection-and-persistence-technique/" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5744.json b/2017/5xxx/CVE-2017-5744.json index 657b855bc23..ae51fd70b79 100644 --- a/2017/5xxx/CVE-2017-5744.json +++ b/2017/5xxx/CVE-2017-5744.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5744", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5744", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5782.json b/2017/5xxx/CVE-2017-5782.json index e7e8ef2188b..429720f46f1 100644 --- a/2017/5xxx/CVE-2017-5782.json +++ b/2017/5xxx/CVE-2017-5782.json 
@@ -1,63 +1,63 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "security-alert@hpe.com",
- "DATE_PUBLIC" : "2017-02-03T00:00:00",
- "ID" : "CVE-2017-5782",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Matrix Operating Environment",
- "version" : {
- "version_data" : [
- {
- "version_value" : "v7.6"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Hewlett Packard Enterprise"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "A missing HSTS Header vulnerability in HPE Matrix Operating Environment version v7.6 was found."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "missing HSTS Header"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "security-alert@hpe.com",
+ "DATE_PUBLIC": "2017-02-03T00:00:00",
+ "ID": "CVE-2017-5782",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Matrix Operating Environment",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "v7.6"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Hewlett Packard Enterprise"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05385680",
- "refsource" : "CONFIRM",
- "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05385680"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A missing HSTS Header vulnerability in HPE Matrix Operating Environment version v7.6 was found."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "missing HSTS Header"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05385680",
+ "refsource": "CONFIRM",
+ "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05385680"
+ }
+ ]
+ }
+}
\ No newline at end of file