From 77df61ba0f19d5962fd6f292ac8b74d3405fbb47 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 00:48:06 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2006/2xxx/CVE-2006-2096.json | 140 +++---- 2006/2xxx/CVE-2006-2342.json | 170 ++++----- 2006/2xxx/CVE-2006-2589.json | 140 +++---- 2006/2xxx/CVE-2006-2807.json | 150 ++++---- 2006/2xxx/CVE-2006-2894.json | 570 ++++++++++++++--------------- 2006/3xxx/CVE-2006-3659.json | 160 ++++---- 2006/3xxx/CVE-2006-3717.json | 230 ++++++------ 2006/3xxx/CVE-2006-3761.json | 200 +++++----- 2006/6xxx/CVE-2006-6053.json | 330 ++++++++--------- 2006/6xxx/CVE-2006-6200.json | 190 +++++----- 2006/6xxx/CVE-2006-6763.json | 130 +++---- 2006/7xxx/CVE-2006-7172.json | 170 ++++----- 2011/0xxx/CVE-2011-0161.json | 180 ++++----- 2011/0xxx/CVE-2011-0479.json | 190 +++++----- 2011/2xxx/CVE-2011-2183.json | 160 ++++---- 2011/2xxx/CVE-2011-2317.json | 120 +++--- 2011/2xxx/CVE-2011-2444.json | 180 ++++----- 2011/3xxx/CVE-2011-3069.json | 270 +++++++------- 2011/3xxx/CVE-2011-3666.json | 160 ++++---- 2011/4xxx/CVE-2011-4860.json | 120 +++--- 2013/1xxx/CVE-2013-1094.json | 140 +++---- 2013/1xxx/CVE-2013-1129.json | 120 +++--- 2013/1xxx/CVE-2013-1319.json | 140 +++---- 2013/5xxx/CVE-2013-5347.json | 34 +- 2013/5xxx/CVE-2013-5642.json | 210 +++++------ 2013/5xxx/CVE-2013-5645.json | 160 ++++---- 2013/5xxx/CVE-2013-5980.json | 34 +- 2014/2xxx/CVE-2014-2082.json | 34 +- 2014/2xxx/CVE-2014-2209.json | 120 +++--- 2014/6xxx/CVE-2014-6037.json | 210 +++++------ 2014/6xxx/CVE-2014-6234.json | 160 ++++---- 2014/6xxx/CVE-2014-6254.json | 130 +++---- 2014/6xxx/CVE-2014-6545.json | 130 +++---- 2014/6xxx/CVE-2014-6792.json | 140 +++---- 2017/0xxx/CVE-2017-0858.json | 140 +++---- 2017/0xxx/CVE-2017-0891.json | 130 +++---- 2017/1000xxx/CVE-2017-1000019.json | 37 +- 2017/1000xxx/CVE-2017-1000447.json | 34 +- 2017/18xxx/CVE-2017-18318.json | 130 +++---- 2017/1xxx/CVE-2017-1094.json | 34 +- 2017/1xxx/CVE-2017-1296.json | 34 +- 2017/1xxx/CVE-2017-1771.json | 34 +- 2017/1xxx/CVE-2017-1877.json | 34 +- 2017/1xxx/CVE-2017-1951.json | 34 +- 2017/4xxx/CVE-2017-4314.json | 34 +- 2017/4xxx/CVE-2017-4354.json | 34 +- 2017/4xxx/CVE-2017-4775.json | 34 +- 2017/4xxx/CVE-2017-4843.json | 34 +- 2017/4xxx/CVE-2017-4998.json | 140 +++---- 2017/5xxx/CVE-2017-5853.json | 130 +++---- 50 files changed, 3383 insertions(+), 3386 deletions(-) diff --git a/2006/2xxx/CVE-2006-2096.json b/2006/2xxx/CVE-2006-2096.json index ae7f7397afb..bb1b4f0397f 100644 --- a/2006/2xxx/CVE-2006-2096.json +++ b/2006/2xxx/CVE-2006-2096.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2096", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "plug.php in Land Down Under (LDU) 802 and earlier allows remote attackers to obtain sensitive information via an invalid (1) month or (2) year parameter, which reveals the path in an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2096", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060427 Land Down Under 802 and below version Path Disclosure Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/432235/100/0/threaded" - }, - { - "name" : "814", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/814" - }, - { - "name" : "landdownunder-monthyear-path-disclosure(26143)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26143" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "plug.php in Land Down Under (LDU) 802 and earlier allows remote attackers to obtain sensitive information via an invalid (1) month or (2) year parameter, which reveals the path in an error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060427 Land Down Under 802 and below version Path Disclosure Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/432235/100/0/threaded" + }, + { + "name": "landdownunder-monthyear-path-disclosure(26143)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26143" + }, + { + "name": "814", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/814" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2342.json b/2006/2xxx/CVE-2006-2342.json index 9f07eed2c37..06ce1feff2e 100644 --- a/2006/2xxx/CVE-2006-2342.json +++ b/2006/2xxx/CVE-2006-2342.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2342", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM WebSphere Application Server 6.0.2 before FixPack 3 allows remote attackers to bypass authentication for the Welcome Page via a request to the default context root." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2342", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "PK10057", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg24010245" - }, - { - "name" : "17900", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17900" - }, - { - "name" : "ADV-2006-1724", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1724" - }, - { - "name" : "25368", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25368" - }, - { - "name" : "20025", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20025" - }, - { - "name" : "websphere-welcome-auth-bypass(26312)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26312" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM WebSphere Application Server 6.0.2 before FixPack 3 allows remote attackers to bypass authentication for the Welcome Page via a request to the default context root." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17900", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17900" + }, + { + "name": "ADV-2006-1724", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1724" + }, + { + "name": "PK10057", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24010245" + }, + { + "name": "25368", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25368" + }, + { + "name": "websphere-welcome-auth-bypass(26312)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26312" + }, + { + "name": "20025", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20025" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2589.json b/2006/2xxx/CVE-2006-2589.json index db1c4d4031d..e8ba77628c9 100644 --- a/2006/2xxx/CVE-2006-2589.json +++ b/2006/2xxx/CVE-2006-2589.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2589", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in rss.php in MyBB (aka MyBulletinBoard) 1.1.1 allows remote attackers to execute arbitrary SQL commands via the comma parameter. NOTE: it is not clear from the original report how this attack can succeed, since the demonstration URL uses a variable that is overwritten with static data in the extracted source code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2589", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060518 mybb v1.1.1(rss.php) SQL Injection Exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/434728/100/0/threaded" - }, - { - "name" : "952", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/952" - }, - { - "name" : "mybb-rss-sql-injection(28520)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28520" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in rss.php in MyBB (aka MyBulletinBoard) 1.1.1 allows remote attackers to execute arbitrary SQL commands via the comma parameter. NOTE: it is not clear from the original report how this attack can succeed, since the demonstration URL uses a variable that is overwritten with static data in the extracted source code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "mybb-rss-sql-injection(28520)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28520" + }, + { + "name": "952", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/952" + }, + { + "name": "20060518 mybb v1.1.1(rss.php) SQL Injection Exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/434728/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2807.json b/2006/2xxx/CVE-2006-2807.json index 118fb1c21fb..d1956c5dda0 100644 --- a/2006/2xxx/CVE-2006-2807.json +++ b/2006/2xxx/CVE-2006-2807.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2807", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ASPwebSoft Speedy Asp Discussion Forum allows remote attackers to change the password of any account via a modified account id and possibly arbitrary values of the name, email, country, password, and passwordre parameters to profileupdate.asp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2807", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060527 Speedy ASP Forum(profileupdate.asp) User Pass Change Exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/435209/100/0/threaded" - }, - { - "name" : "18170", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18170" - }, - { - "name" : "1037", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1037" - }, - { - "name" : "speedyaspforum-user-account-manipulation(26811)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26811" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ASPwebSoft Speedy Asp Discussion Forum allows remote attackers to change the password of any account via a modified account id and possibly arbitrary values of the name, email, country, password, and passwordre parameters to profileupdate.asp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "speedyaspforum-user-account-manipulation(26811)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26811" + }, + { + "name": "1037", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1037" + }, + { + "name": "18170", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18170" + }, + { + "name": "20060527 Speedy ASP Forum(profileupdate.asp) User Pass Change Exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/435209/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2894.json b/2006/2xxx/CVE-2006-2894.json index 9ffa959e02d..34a9a8d6216 100644 --- a/2006/2xxx/CVE-2006-2894.json +++ b/2006/2xxx/CVE-2006-2894.json @@ -1,287 +1,287 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2894", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox 1.5.0.4, 2.0.x before 2.0.0.8, Mozilla Suite 1.7.13, Mozilla SeaMonkey 1.0.2 and other versions before 1.1.5, and Netscape 8.1 and earlier allow user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2894", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070211 Firefox focus stealing vulnerability (possibly other browsers)", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2007-02/0166.html" - }, - { - "name" : "20070212 Re: [Full-disclosure] Firefox focus stealing vulnerability (possibly other browsers)", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2007-02/0187.html" - }, - { - "name" : "20071029 FLEA-2007-0062-1 firefox", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/482925/100/0/threaded" - }, - { - "name" : "20071026 rPSA-2007-0225-1 firefox", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/482876/100/200/threaded" - }, - { - "name" : "20071029 rPSA-2007-0225-2 firefox thunderbird", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/482932/100/200/threaded" - }, - { - "name" : "20060605 file upload widgets in IE and Firefox have issues", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046610.html" - }, - { - "name" : "20070211 Firefox focus stealing vulnerability (possibly other browsers)", - "refsource" : "FULLDISC", - "url" : "http://lists.virus.org/full-disclosure-0702/msg00225.html" - }, - { - "name" : "http://lcamtuf.coredump.cx/focusbug/", - "refsource" : "MISC", - "url" : "http://lcamtuf.coredump.cx/focusbug/" - }, - { - "name" : "http://www.gnucitizen.org/blog/browser-focus-rip", - "refsource" : "MISC", - "url" : "http://www.gnucitizen.org/blog/browser-focus-rip" - }, - { - "name" : "http://www.thanhngan.org/fflinuxversion.html", - "refsource" : "MISC", - "url" : "http://www.thanhngan.org/fflinuxversion.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=290478", - "refsource" : "MISC", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=290478" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=56236", - "refsource" : "MISC", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=56236" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=370092", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=370092" - }, - { - "name" : "http://www.mozilla.org/security/announce/2007/mfsa2007-32.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2007/mfsa2007-32.html" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-1858", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-1858" - }, - { - "name" : "http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html", - "refsource" : "CONFIRM", - "url" : "http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html" - }, - { - "name" : "FEDORA-2007-2664", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00355.html" - }, - { - "name" : "HPSBUX02153", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742" - }, - { - "name" : "SSRT061181", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742" - }, - { - "name" : "MDKSA-2006:143", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:143" - }, - { - "name" : "MDKSA-2006:145", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:145" - }, - { - "name" : "MDKSA-2007:202", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:202" - }, - { - "name" : "201516", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1" - }, - { - "name" : "SUSE-SA:2007:057", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2007_57_mozilla.html" - }, - { - "name" : "USN-535-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/535-1/" - }, - { - "name" : "USN-536-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-536-1" - }, - { - "name" : "18308", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18308" - }, - { - "name" : "ADV-2006-2160", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2160" - }, - { - "name" : "ADV-2006-2162", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2162" - }, - { - "name" : "ADV-2006-2163", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2163" - }, - { - "name" : "ADV-2006-2164", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2164" - }, - { - "name" : "ADV-2007-3544", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3544" - }, - { - "name" : "ADV-2008-0083", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0083" - }, - { - "name" : "1018837", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1018837" - }, - { - "name" : "20442", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20442" - }, - { - "name" : "20467", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20467" - }, - { - "name" : "20470", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20470" - }, - { - "name" : "20472", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20472" - }, - { - "name" : "21532", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21532" - }, - { - "name" : "27335", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27335" - }, - { - "name" : "27383", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27383" - }, - { - "name" : "27403", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27403" - }, - { - "name" : "27387", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27387" - }, - { - "name" : "27298", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27298" - }, - { - "name" : "27414", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27414" - }, - { - "name" : "1059", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1059" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox 1.5.0.4, 2.0.x before 2.0.0.8, Mozilla Suite 1.7.13, Mozilla SeaMonkey 1.0.2 and other versions before 1.1.5, and Netscape 8.1 and earlier allow user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20071026 rPSA-2007-0225-1 firefox", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/482876/100/200/threaded" + }, + { + "name": "MDKSA-2006:145", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:145" + }, + { + "name": "http://lcamtuf.coredump.cx/focusbug/", + "refsource": "MISC", + "url": "http://lcamtuf.coredump.cx/focusbug/" + }, + { + "name": "27414", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27414" + }, + { + "name": "20071029 FLEA-2007-0062-1 firefox", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/482925/100/0/threaded" + }, + { + "name": "https://issues.rpath.com/browse/RPL-1858", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-1858" + }, + { + "name": "ADV-2006-2163", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2163" + }, + { + "name": "20070211 Firefox focus stealing vulnerability (possibly other browsers)", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2007-02/0166.html" + }, + { + "name": "1059", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1059" + }, + { + "name": "HPSBUX02153", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742" + }, + { + "name": "27298", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27298" + }, + { + "name": "1018837", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1018837" + }, + { + "name": "ADV-2007-3544", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3544" + }, + { + "name": "20470", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20470" + }, + { + "name": "USN-535-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/535-1/" + }, + { + "name": "20472", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20472" + }, + { + "name": "20467", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20467" + }, + { + "name": "ADV-2006-2160", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2160" + }, + { + "name": "27383", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27383" + }, + { + "name": "SUSE-SA:2007:057", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2007_57_mozilla.html" + }, + { + "name": "21532", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21532" + }, + { + "name": "ADV-2008-0083", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0083" + }, + { + "name": "27387", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27387" + }, + { + "name": "ADV-2006-2164", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2164" + }, + { + "name": "18308", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18308" + }, + { + "name": "27403", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27403" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=56236", + "refsource": "MISC", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=56236" + }, + { + "name": "20070212 Re: [Full-disclosure] Firefox focus stealing vulnerability (possibly other browsers)", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2007-02/0187.html" + }, + { + "name": "20070211 Firefox focus stealing vulnerability (possibly other browsers)", + "refsource": "FULLDISC", + "url": "http://lists.virus.org/full-disclosure-0702/msg00225.html" + }, + { + "name": "ADV-2006-2162", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2162" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=290478", + "refsource": "MISC", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=290478" + }, + { + "name": "http://www.mozilla.org/security/announce/2007/mfsa2007-32.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-32.html" + }, + { + "name": "20060605 file upload widgets in IE and Firefox have issues", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046610.html" + }, + { + "name": "http://www.thanhngan.org/fflinuxversion.html", + "refsource": "MISC", + "url": "http://www.thanhngan.org/fflinuxversion.html" + }, + { + "name": "SSRT061181", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742" + }, + { + "name": "MDKSA-2007:202", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:202" + }, + { + "name": "27335", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27335" + }, + { + "name": "FEDORA-2007-2664", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00355.html" + }, + { + "name": "MDKSA-2006:143", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:143" + }, + { + "name": "20442", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20442" + }, + { + "name": "http://www.gnucitizen.org/blog/browser-focus-rip", + "refsource": "MISC", + "url": "http://www.gnucitizen.org/blog/browser-focus-rip" + }, + { + "name": "http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html", + "refsource": "CONFIRM", + "url": "http://support.novell.com/techcenter/psdb/60eb95b75c76f9fbfcc9a89f99cd8f79.html" + }, + { + "name": "201516", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201516-1" + }, + { + "name": "20071029 rPSA-2007-0225-2 firefox thunderbird", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/482932/100/200/threaded" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=370092", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=370092" + }, + { + "name": "USN-536-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-536-1" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3659.json b/2006/3xxx/CVE-2006-3659.json index 1807ce375c9..5d0c13a85ba 100644 --- a/2006/3xxx/CVE-2006-3659.json +++ b/2006/3xxx/CVE-2006-3659.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3659", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the location or URL property of a MHTMLFile ActiveX object." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3659", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://browserfun.blogspot.com/2006/07/mobb-16-mhtmlfile-location.html", - "refsource" : "MISC", - "url" : "http://browserfun.blogspot.com/2006/07/mobb-16-mhtmlfile-location.html" - }, - { - "name" : "19013", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19013" - }, - { - "name" : "ADV-2006-2831", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2831" - }, - { - "name" : "27108", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27108" - }, - { - "name" : "ie-mhtmlfile-dos(27761)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27761" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the location or URL property of a MHTMLFile ActiveX object." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "27108", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27108" + }, + { + "name": "19013", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19013" + }, + { + "name": "ie-mhtmlfile-dos(27761)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27761" + }, + { + "name": "http://browserfun.blogspot.com/2006/07/mobb-16-mhtmlfile-location.html", + "refsource": "MISC", + "url": "http://browserfun.blogspot.com/2006/07/mobb-16-mhtmlfile-location.html" + }, + { + "name": "ADV-2006-2831", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2831" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3717.json b/2006/3xxx/CVE-2006-3717.json index 17829044d1c..b919d4778f9 100644 --- a/2006/3xxx/CVE-2006-3717.json +++ b/2006/3xxx/CVE-2006-3717.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3717", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5.9 have unknown impact and attack vectors, aka Oracle Vuln# (1) APPS03 and (2) APPS04 for Oracle Application Object Library; and (3) APPS20 for Oracle XML Gateway." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3717", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html" - }, - { - "name" : "http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html", - "refsource" : "MISC", - "url" : "http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html" - }, - { - "name" : "HPSBMA02133", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/440758/100/100/threaded" - }, - { - "name" : "SSRT061201", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/440758/100/100/threaded" - }, - { - "name" : "TA06-200A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-200A.html" - }, - { - "name" : "19054", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19054" - }, - { - "name" : "ADV-2006-2863", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2863" - }, - { - "name" : "ADV-2006-2947", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2947" - }, - { - "name" : "1016529", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016529" - }, - { - "name" : "21111", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21111" - }, - { - "name" : "21165", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21165" - }, - { - "name" : "oracle-cpu-july-2006(27897)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27897" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5.9 have unknown impact and attack vectors, aka Oracle Vuln# (1) APPS03 and (2) APPS04 for Oracle Application Object Library; and (3) APPS20 for Oracle XML Gateway." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1016529", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016529" + }, + { + "name": "19054", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19054" + }, + { + "name": "oracle-cpu-july-2006(27897)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27897" + }, + { + "name": "21165", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21165" + }, + { + "name": "HPSBMA02133", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/440758/100/100/threaded" + }, + { + "name": "ADV-2006-2947", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2947" + }, + { + "name": "http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html", + "refsource": "MISC", + "url": "http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html" + }, + { + "name": "SSRT061201", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/440758/100/100/threaded" + }, + { + "name": "TA06-200A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-200A.html" + }, + { + "name": "21111", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21111" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html" + }, + { + "name": "ADV-2006-2863", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2863" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3761.json b/2006/3xxx/CVE-2006-3761.json index bb949371c16..9201c14bffd 100644 --- a/2006/3xxx/CVE-2006-3761.json +++ b/2006/3xxx/CVE-2006-3761.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3761", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.0 RC2 through 1.1.4 allows remote attackers to inject arbitrary web script or HTML via a javascript URI with an SGML numeric character reference in the url BBCode tag, as demonstrated using \"javascript\"." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3761", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060628 [KAPDA]MyBB 1.1.4~function_post.php~XSS Attack In URL tag", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/438588/100/200/threaded" - }, - { - "name" : "http://myimei.com/security/2006-06-22/mybb-114-function_postphpxss-attack-in-url-tag.html", - "refsource" : "MISC", - "url" : "http://myimei.com/security/2006-06-22/mybb-114-function_postphpxss-attack-in-url-tag.html" - }, - { - "name" : "http://community.mybboard.net/showthread.php?tid=10115", - "refsource" : "CONFIRM", - "url" : "http://community.mybboard.net/showthread.php?tid=10115" - }, - { - "name" : "http://www.mybboard.com/archive.php?nid=15", - "refsource" : "CONFIRM", - "url" : "http://www.mybboard.com/archive.php?nid=15" - }, - { - "name" : "18702", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18702" - }, - { - "name" : "26808", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26808" - }, - { - "name" : "20873", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20873" - }, - { - "name" : "1257", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1257" - }, - { - "name" : "mybb-url-tag-xss(27444)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27444" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.0 RC2 through 1.1.4 allows remote attackers to inject arbitrary web script or HTML via a javascript URI with an SGML numeric character reference in the url BBCode tag, as demonstrated using \"javascript\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "26808", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26808" + }, + { + "name": "mybb-url-tag-xss(27444)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27444" + }, + { + "name": "20060628 [KAPDA]MyBB 1.1.4~function_post.php~XSS Attack In URL tag", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/438588/100/200/threaded" + }, + { + "name": "18702", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18702" + }, + { + "name": "http://community.mybboard.net/showthread.php?tid=10115", + "refsource": "CONFIRM", + "url": "http://community.mybboard.net/showthread.php?tid=10115" + }, + { + "name": "http://www.mybboard.com/archive.php?nid=15", + "refsource": "CONFIRM", + "url": "http://www.mybboard.com/archive.php?nid=15" + }, + { + "name": "http://myimei.com/security/2006-06-22/mybb-114-function_postphpxss-attack-in-url-tag.html", + "refsource": "MISC", + "url": "http://myimei.com/security/2006-06-22/mybb-114-function_postphpxss-attack-in-url-tag.html" + }, + { + "name": "1257", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1257" + }, + { + "name": "20873", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20873" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6053.json b/2006/6xxx/CVE-2006-6053.json index da5d9062fb2..e2ba68fe461 100644 --- a/2006/6xxx/CVE-2006-6053.json +++ b/2006/6xxx/CVE-2006-6053.json @@ -1,167 +1,167 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6053", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ext3fs_dirhash function in Linux kernel 2.6.x allows local users to cause a denial of service (crash) via an ext3 stream with malformed data structures." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6053", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070615 rPSA-2007-0124-1 kernel xen", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/471457" - }, - { - "name" : "http://projects.info-pull.com/mokb/MOKB-10-11-2006.html", - "refsource" : "MISC", - "url" : "http://projects.info-pull.com/mokb/MOKB-10-11-2006.html" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2007-063.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2007-063.htm" - }, - { - "name" : "DSA-1304", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2007/dsa-1304" - }, - { - "name" : "DSA-1503", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1503" - }, - { - "name" : "MDKSA-2007:040", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:040" - }, - { - "name" : "MDKSA-2007:060", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:060" - }, - { - "name" : "RHSA-2007:0014", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2007-0014.html" - }, - { - "name" : "SUSE-SA:2006:079", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_79_kernel.html" - }, - { - "name" : "USN-416-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-416-1" - }, - { - "name" : "oval:org.mitre.oval:def:10992", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10992" - }, - { - "name" : "ADV-2006-4458", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4458" - }, - { - "name" : "23997", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23997" - }, - { - "name" : "24100", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24100" - }, - { - "name" : "22776", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22776" - }, - { - "name" : "24098", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24098" - }, - { - "name" : "24206", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24206" - }, - { - "name" : "24482", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24482" - }, - { - "name" : "25714", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25714" - }, - { - "name" : "25691", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25691" - }, - { - "name" : "23474", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23474" - }, - { - "name" : "29058", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29058" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ext3fs_dirhash function in Linux kernel 2.6.x allows local users to cause a denial of service (crash) via an ext3 stream with malformed data structures." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "24098", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24098" + }, + { + "name": "SUSE-SA:2006:079", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_79_kernel.html" + }, + { + "name": "ADV-2006-4458", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4458" + }, + { + "name": "http://projects.info-pull.com/mokb/MOKB-10-11-2006.html", + "refsource": "MISC", + "url": "http://projects.info-pull.com/mokb/MOKB-10-11-2006.html" + }, + { + "name": "RHSA-2007:0014", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2007-0014.html" + }, + { + "name": "MDKSA-2007:040", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:040" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2007-063.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-063.htm" + }, + { + "name": "USN-416-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-416-1" + }, + { + "name": "24100", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24100" + }, + { + "name": "24206", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24206" + }, + { + "name": "23474", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23474" + }, + { + "name": "23997", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23997" + }, + { + "name": "20070615 rPSA-2007-0124-1 kernel xen", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/471457" + }, + { + "name": "24482", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24482" + }, + { + "name": "DSA-1503", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1503" + }, + { + "name": "oval:org.mitre.oval:def:10992", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10992" + }, + { + "name": "29058", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29058" + }, + { + "name": "DSA-1304", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2007/dsa-1304" + }, + { + "name": "25714", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25714" + }, + { + "name": "25691", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25691" + }, + { + "name": "22776", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22776" + }, + { + "name": "MDKSA-2007:060", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:060" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6200.json b/2006/6xxx/CVE-2006-6200.json index 070a2202f76..3f0ab155def 100644 --- a/2006/6xxx/CVE-2006-6200.json +++ b/2006/6xxx/CVE-2006-6200.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6200", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in the (1) rate_article and (2) rate_complete functions in modules/News/index.php in the News module in Francisco Burzi PHP-Nuke 7.9 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the sid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6200", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061124 PHP-Nuke <= 7.9 News module \"sid\" SQL Injection vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/452553/100/0/threaded" - }, - { - "name" : "http://www.neosecurityteam.net/index.php?action=advisories&id=30", - "refsource" : "MISC", - "url" : "http://www.neosecurityteam.net/index.php?action=advisories&id=30" - }, - { - "name" : "21277", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21277" - }, - { - "name" : "ADV-2006-4739", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4739" - }, - { - "name" : "1017282", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017282" - }, - { - "name" : "23128", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23128" - }, - { - "name" : "1935", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1935" - }, - { - "name" : "news-index-sql-injection(30525)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30525" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in the (1) rate_article and (2) rate_complete functions in modules/News/index.php in the News module in Francisco Burzi PHP-Nuke 7.9 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the sid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21277", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21277" + }, + { + "name": "http://www.neosecurityteam.net/index.php?action=advisories&id=30", + "refsource": "MISC", + "url": "http://www.neosecurityteam.net/index.php?action=advisories&id=30" + }, + { + "name": "1935", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1935" + }, + { + "name": "news-index-sql-injection(30525)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30525" + }, + { + "name": "23128", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23128" + }, + { + "name": "ADV-2006-4739", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4739" + }, + { + "name": "1017282", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017282" + }, + { + "name": "20061124 PHP-Nuke <= 7.9 News module \"sid\" SQL Injection vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/452553/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6763.json b/2006/6xxx/CVE-2006-6763.json index 5aaf446a158..d4a573a068e 100644 --- a/2006/6xxx/CVE-2006-6763.json +++ b/2006/6xxx/CVE-2006-6763.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6763", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in the Keep It Simple Guest Book (KISGB) allow remote attackers to execute arbitrary PHP code via a URL in the (1) path_to_themes parameter in (a) authenticate.php, and the (2) default_path_for_themes parameter in (b) admin.php and (c) upconfig.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6763", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061222 Re: Multiple Remote Vulnerabilities in KISGB", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/455198/100/0/threaded" - }, - { - "name" : "http://www.security.nnov.ru/Pdocument470.html", - "refsource" : "MISC", - "url" : "http://www.security.nnov.ru/Pdocument470.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in the Keep It Simple Guest Book (KISGB) allow remote attackers to execute arbitrary PHP code via a URL in the (1) path_to_themes parameter in (a) authenticate.php, and the (2) default_path_for_themes parameter in (b) admin.php and (c) upconfig.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.security.nnov.ru/Pdocument470.html", + "refsource": "MISC", + "url": "http://www.security.nnov.ru/Pdocument470.html" + }, + { + "name": "20061222 Re: Multiple Remote Vulnerabilities in KISGB", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/455198/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/7xxx/CVE-2006-7172.json b/2006/7xxx/CVE-2006-7172.json index 31c08763fcd..221b8749dff 100644 --- a/2006/7xxx/CVE-2006-7172.json +++ b/2006/7xxx/CVE-2006-7172.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-7172", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in php-stats.recphp.php in PHP-Stats 0.1.9.1b and earlier allow remote attackers to execute arbitrary code via a leading dotted-quad IP address string in the (1) PC-REMOTE-ADDR HTTP header, which is inserted into $_SERVER['HTTP_PC_REMOTE_ADDR'], or (2) ip parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-7172", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3496", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3496" - }, - { - "name" : "3497", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3497" - }, - { - "name" : "ADV-2007-1004", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1004" - }, - { - "name" : "34280", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/34280" - }, - { - "name" : "24553", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24553" - }, - { - "name" : "phpstats-phpstatsrecphp-sql-injection(33031)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33031" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in php-stats.recphp.php in PHP-Stats 0.1.9.1b and earlier allow remote attackers to execute arbitrary code via a leading dotted-quad IP address string in the (1) PC-REMOTE-ADDR HTTP header, which is inserted into $_SERVER['HTTP_PC_REMOTE_ADDR'], or (2) ip parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "24553", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24553" + }, + { + "name": "3496", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3496" + }, + { + "name": "34280", + "refsource": "OSVDB", + "url": "http://osvdb.org/34280" + }, + { + "name": "phpstats-phpstatsrecphp-sql-injection(33031)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33031" + }, + { + "name": "ADV-2007-1004", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1004" + }, + { + "name": "3497", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3497" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0161.json b/2011/0xxx/CVE-2011-0161.json index 89d95e7a5ba..7f5d71e488f 100644 --- a/2011/0xxx/CVE-2011-0161.json +++ b/2011/0xxx/CVE-2011-0161.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0161", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle the Attr.style accessor, which allows remote attackers to bypass the Same Origin Policy and inject Cascading Style Sheets (CSS) token sequences via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2011-0161", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4564", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4564" - }, - { - "name" : "http://support.apple.com/kb/HT4566", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4566" - }, - { - "name" : "APPLE-SA-2011-03-09-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html" - }, - { - "name" : "APPLE-SA-2011-03-09-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html" - }, - { - "name" : "46814", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46814" - }, - { - "name" : "1025182", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025182" - }, - { - "name" : "appleios-attr-code-execution(66000)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66000" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle the Attr.style accessor, which allows remote attackers to bypass the Same Origin Policy and inject Cascading Style Sheets (CSS) token sequences via a crafted web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT4564", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4564" + }, + { + "name": "appleios-attr-code-execution(66000)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66000" + }, + { + "name": "46814", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46814" + }, + { + "name": "http://support.apple.com/kb/HT4566", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4566" + }, + { + "name": "APPLE-SA-2011-03-09-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html" + }, + { + "name": "APPLE-SA-2011-03-09-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html" + }, + { + "name": "1025182", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025182" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0479.json b/2011/0xxx/CVE-2011-0479.json index 8bf554ed999..0987321f852 100644 --- a/2011/0xxx/CVE-2011-0479.json +++ b/2011/0xxx/CVE-2011-0479.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0479", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly interact with extensions, which allows remote attackers to cause a denial of service via a crafted extension that triggers an uninitialized pointer." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0479", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=67393", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=67393" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2011/01/chrome-stable-release.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2011/01/chrome-stable-release.html" - }, - { - "name" : "http://www.srware.net/forum/viewtopic.php?f=18&t=2054", - "refsource" : "CONFIRM", - "url" : "http://www.srware.net/forum/viewtopic.php?f=18&t=2054" - }, - { - "name" : "45788", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45788" - }, - { - "name" : "70462", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/70462" - }, - { - "name" : "oval:org.mitre.oval:def:14746", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14746" - }, - { - "name" : "42951", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42951" - }, - { - "name" : "chrome-rouge-code-execution(64670)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64670" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly interact with extensions, which allows remote attackers to cause a denial of service via a crafted extension that triggers an uninitialized pointer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://googlechromereleases.blogspot.com/2011/01/chrome-stable-release.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2011/01/chrome-stable-release.html" + }, + { + "name": "45788", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45788" + }, + { + "name": "oval:org.mitre.oval:def:14746", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14746" + }, + { + "name": "http://www.srware.net/forum/viewtopic.php?f=18&t=2054", + "refsource": "CONFIRM", + "url": "http://www.srware.net/forum/viewtopic.php?f=18&t=2054" + }, + { + "name": "chrome-rouge-code-execution(64670)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64670" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=67393", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=67393" + }, + { + "name": "70462", + "refsource": "OSVDB", + "url": "http://osvdb.org/70462" + }, + { + "name": "42951", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42951" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2183.json b/2011/2xxx/CVE-2011-2183.json index 242684b1974..a96540b9804 100644 --- a/2011/2xxx/CVE-2011-2183.json +++ b/2011/2xxx/CVE-2011-2183.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2183", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in the scan_get_next_rmap_item function in mm/ksm.c in the Linux kernel before 2.6.39.3, when Kernel SamePage Merging (KSM) is enabled, allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted application." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-2183", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110606 Re: CVE request: kernel: ksm: race between ksmd and exiting task", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/06/06/1" - }, - { - "name" : "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39.3", - "refsource" : "CONFIRM", - "url" : "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39.3" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2b472611a32a72f4a118c069c2d62a1a3f087afd", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2b472611a32a72f4a118c069c2d62a1a3f087afd" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=710338", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=710338" - }, - { - "name" : "https://github.com/torvalds/linux/commit/2b472611a32a72f4a118c069c2d62a1a3f087afd", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/2b472611a32a72f4a118c069c2d62a1a3f087afd" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in the scan_get_next_rmap_item function in mm/ksm.c in the Linux kernel before 2.6.39.3, when Kernel SamePage Merging (KSM) is enabled, allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20110606 Re: CVE request: kernel: ksm: race between ksmd and exiting task", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/06/06/1" + }, + { + "name": "https://github.com/torvalds/linux/commit/2b472611a32a72f4a118c069c2d62a1a3f087afd", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/2b472611a32a72f4a118c069c2d62a1a3f087afd" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=710338", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=710338" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2b472611a32a72f4a118c069c2d62a1a3f087afd", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2b472611a32a72f4a118c069c2d62a1a3f087afd" + }, + { + "name": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39.3", + "refsource": "CONFIRM", + "url": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39.3" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2317.json b/2011/2xxx/CVE-2011-2317.json index bae6e6e3a14..1846a4a03f5 100644 --- a/2011/2xxx/CVE-2011-2317.json +++ b/2011/2xxx/CVE-2011-2317.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2317", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the EnterpriseOne Tools component in Oracle JD Edwards 8.98 SP 24 allows remote authenticated users to affect integrity, related to Enterprise Infrastucture SEC (JDNET)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2011-2317", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the EnterpriseOne Tools component in Oracle JD Edwards 8.98 SP 24 allows remote authenticated users to affect integrity, related to Enterprise Infrastucture SEC (JDNET)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2444.json b/2011/2xxx/CVE-2011-2444.json index 71f9a37b37c..904e339d0b6 100644 --- a/2011/2xxx/CVE-2011-2444.json +++ b/2011/2xxx/CVE-2011-2444.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2444", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, related to a \"universal cross-site scripting issue,\" as exploited in the wild in September 2011." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2011-2444", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_20.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_20.html" - }, - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb11-26.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb11-26.html" - }, - { - "name" : "RHSA-2011:1333", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-1333.html" - }, - { - "name" : "SUSE-SU-2011:1063", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00025.html" - }, - { - "name" : "oval:org.mitre.oval:def:14050", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14050" - }, - { - "name" : "oval:org.mitre.oval:def:15272", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15272" - }, - { - "name" : "48308", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48308" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, related to a \"universal cross-site scripting issue,\" as exploited in the wild in September 2011." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "48308", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48308" + }, + { + "name": "oval:org.mitre.oval:def:15272", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15272" + }, + { + "name": "SUSE-SU-2011:1063", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00025.html" + }, + { + "name": "RHSA-2011:1333", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-1333.html" + }, + { + "name": "http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_20.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_20.html" + }, + { + "name": "oval:org.mitre.oval:def:14050", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14050" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb11-26.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb11-26.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3069.json b/2011/3xxx/CVE-2011-3069.json index 850b2d7939e..994c9bdab22 100644 --- a/2011/3xxx/CVE-2011-3069.json +++ b/2011/3xxx/CVE-2011-3069.json @@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3069", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to line boxes." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3069", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=117728", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=117728" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2012/04/stable-and-beta-channel-updates.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2012/04/stable-and-beta-channel-updates.html" - }, - { - "name" : "http://support.apple.com/kb/HT5400", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5400" - }, - { - "name" : "http://support.apple.com/kb/HT5485", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5485" - }, - { - "name" : "http://support.apple.com/kb/HT5503", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5503" - }, - { - "name" : "APPLE-SA-2012-07-25-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html" - }, - { - "name" : "APPLE-SA-2012-09-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" - }, - { - "name" : "APPLE-SA-2012-09-19-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" - }, - { - "name" : "GLSA-201204-03", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201204-03.xml" - }, - { - "name" : "52913", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52913" - }, - { - "name" : "81039", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/81039" - }, - { - "name" : "oval:org.mitre.oval:def:15310", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15310" - }, - { - "name" : "1026892", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026892" - }, - { - "name" : "48732", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48732" - }, - { - "name" : "48749", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48749" - }, - { - "name" : "chrome-linebos-code-execution(74629)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74629" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to line boxes." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://googlechromereleases.blogspot.com/2012/04/stable-and-beta-channel-updates.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2012/04/stable-and-beta-channel-updates.html" + }, + { + "name": "1026892", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026892" + }, + { + "name": "http://support.apple.com/kb/HT5485", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5485" + }, + { + "name": "APPLE-SA-2012-09-19-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" + }, + { + "name": "http://support.apple.com/kb/HT5503", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5503" + }, + { + "name": "52913", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52913" + }, + { + "name": "48749", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48749" + }, + { + "name": "48732", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48732" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=117728", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=117728" + }, + { + "name": "APPLE-SA-2012-09-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" + }, + { + "name": "APPLE-SA-2012-07-25-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html" + }, + { + "name": "chrome-linebos-code-execution(74629)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74629" + }, + { + "name": "GLSA-201204-03", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201204-03.xml" + }, + { + "name": "oval:org.mitre.oval:def:15310", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15310" + }, + { + "name": "http://support.apple.com/kb/HT5400", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5400" + }, + { + "name": "81039", + "refsource": "OSVDB", + "url": "http://osvdb.org/81039" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3666.json b/2011/3xxx/CVE-2011-3666.json index 780cb36cfd4..9d20fa93ab9 100644 --- a/2011/3xxx/CVE-2011-3666.json +++ b/2011/3xxx/CVE-2011-3666.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3666", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox before 3.6.25 and Thunderbird before 3.1.17 on Mac OS X do not consider .jar files to be executable files, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted file. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-2372 on Mac OS X." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3666", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2011/mfsa2011-59.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2011/mfsa2011-59.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=704622", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=704622" - }, - { - "name" : "oval:org.mitre.oval:def:14831", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14831" - }, - { - "name" : "1026445", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026445" - }, - { - "name" : "1026447", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026447" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox before 3.6.25 and Thunderbird before 3.1.17 on Mac OS X do not consider .jar files to be executable files, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted file. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-2372 on Mac OS X." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1026447", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026447" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=704622", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=704622" + }, + { + "name": "1026445", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026445" + }, + { + "name": "oval:org.mitre.oval:def:14831", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14831" + }, + { + "name": "http://www.mozilla.org/security/announce/2011/mfsa2011-59.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2011/mfsa2011-59.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4860.json b/2011/4xxx/CVE-2011-4860.json index d8563a06415..f9180423ec6 100644 --- a/2011/4xxx/CVE-2011-4860.json +++ b/2011/4xxx/CVE-2011-4860.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4860", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ComputePassword function in the Schneider Electric Quantum Ethernet Module on the NOE 771 device (aka the Quantum 140NOE771* module) generates the password for the fwupgrade account by performing a calculation on the MAC address, which makes it easier for remote attackers to obtain access via a (1) ARP request message or (2) Neighbor Solicitation message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4860", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://reversemode.com/index.php?option=com_content&task=view&id=80&Itemid=1", - "refsource" : "MISC", - "url" : "http://reversemode.com/index.php?option=com_content&task=view&id=80&Itemid=1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ComputePassword function in the Schneider Electric Quantum Ethernet Module on the NOE 771 device (aka the Quantum 140NOE771* module) generates the password for the fwupgrade account by performing a calculation on the MAC address, which makes it easier for remote attackers to obtain access via a (1) ARP request message or (2) Neighbor Solicitation message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://reversemode.com/index.php?option=com_content&task=view&id=80&Itemid=1", + "refsource": "MISC", + "url": "http://reversemode.com/index.php?option=com_content&task=view&id=80&Itemid=1" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1094.json b/2013/1xxx/CVE-2013-1094.json index 1bc691b6b34..2b1bb96c2b3 100644 --- a/2013/1xxx/CVE-2013-1094.json +++ b/2013/1xxx/CVE-2013-1094.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1094", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in a ZCC page in zenworks-core in Novell ZENworks Configuration Management (ZCM) 11.2 before 11.2.3a Monthly Update 1 allows remote attackers to inject arbitrary web script or HTML via an invalid locale." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-1094", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.novell.com/support/kb/doc.php?id=7012025", - "refsource" : "CONFIRM", - "url" : "http://www.novell.com/support/kb/doc.php?id=7012025" - }, - { - "name" : "http://www.novell.com/support/kb/doc.php?id=7012501", - "refsource" : "CONFIRM", - "url" : "http://www.novell.com/support/kb/doc.php?id=7012501" - }, - { - "name" : "http://www.novell.com/support/kb/doc.php?id=7012027", - "refsource" : "CONFIRM", - "url" : "http://www.novell.com/support/kb/doc.php?id=7012027" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in a ZCC page in zenworks-core in Novell ZENworks Configuration Management (ZCM) 11.2 before 11.2.3a Monthly Update 1 allows remote attackers to inject arbitrary web script or HTML via an invalid locale." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.novell.com/support/kb/doc.php?id=7012501", + "refsource": "CONFIRM", + "url": "http://www.novell.com/support/kb/doc.php?id=7012501" + }, + { + "name": "http://www.novell.com/support/kb/doc.php?id=7012027", + "refsource": "CONFIRM", + "url": "http://www.novell.com/support/kb/doc.php?id=7012027" + }, + { + "name": "http://www.novell.com/support/kb/doc.php?id=7012025", + "refsource": "CONFIRM", + "url": "http://www.novell.com/support/kb/doc.php?id=7012025" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1129.json b/2013/1xxx/CVE-2013-1129.json index a351392f400..300c4881b2b 100644 --- a/2013/1xxx/CVE-2013-1129.json +++ b/2013/1xxx/CVE-2013-1129.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1129", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Memory leak in Cisco Unity Connection 9.x allows remote attackers to cause a denial of service (memory consumption and process crash) by sending many TCP requests, aka Bug ID CSCud59736." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2013-1129", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130215 Cisco Unity Connection Memory Leak Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1129" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Memory leak in Cisco Unity Connection 9.x allows remote attackers to cause a denial of service (memory consumption and process crash) by sending many TCP requests, aka Bug ID CSCud59736." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20130215 Cisco Unity Connection Memory Leak Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1129" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1319.json b/2013/1xxx/CVE-2013-1319.json index 6167e7bed4b..1147de5de22 100644 --- a/2013/1xxx/CVE-2013-1319.json +++ b/2013/1xxx/CVE-2013-1319.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1319", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Publisher 2003 SP3 does not properly check the return value of an unspecified method, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka \"Publisher Return Value Handling Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2013-1319", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS13-042", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-042" - }, - { - "name" : "TA13-134A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/ncas/alerts/TA13-134A" - }, - { - "name" : "oval:org.mitre.oval:def:16749", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16749" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Publisher 2003 SP3 does not properly check the return value of an unspecified method, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka \"Publisher Return Value Handling Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA13-134A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/ncas/alerts/TA13-134A" + }, + { + "name": "oval:org.mitre.oval:def:16749", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16749" + }, + { + "name": "MS13-042", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-042" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5347.json b/2013/5xxx/CVE-2013-5347.json index 4265be637a2..8a48f777d4b 100644 --- a/2013/5xxx/CVE-2013-5347.json +++ b/2013/5xxx/CVE-2013-5347.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5347", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-5347", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5642.json b/2013/5xxx/CVE-2013-5642.json index 602baf213b3..eb9c28c036c 100644 --- a/2013/5xxx/CVE-2013-5642.json +++ b/2013/5xxx/CVE-2013-5642.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5642", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1.8.x before 1.8.23.1, 10.x before 10.12.3, and 11.x before 11.5.1; Certified Asterisk 1.8.15 before 1.8.15-cert3 and 11.2 before 11.2-cert2; and Asterisk Digiumphones 10.x-digiumphones before 10.12.3-digiumphones allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and daemon crash) via an invalid SDP that defines a media description before the connection description in a SIP request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5642", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130827 AST-2013-005: Remote Crash when Invalid SDP is sent in SIP Request", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2013-08/0174.html" - }, - { - "name" : "http://downloads.asterisk.org/pub/security/AST-2013-005.html", - "refsource" : "CONFIRM", - "url" : "http://downloads.asterisk.org/pub/security/AST-2013-005.html" - }, - { - "name" : "https://issues.asterisk.org/jira/browse/ASTERISK-22007", - "refsource" : "CONFIRM", - "url" : "https://issues.asterisk.org/jira/browse/ASTERISK-22007" - }, - { - "name" : "DSA-2749", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2749" - }, - { - "name" : "MDVSA-2013:223", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:223" - }, - { - "name" : "62022", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/62022" - }, - { - "name" : "96690", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/96690" - }, - { - "name" : "1028957", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1028957" - }, - { - "name" : "54534", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54534" - }, - { - "name" : "54617", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54617" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1.8.x before 1.8.23.1, 10.x before 10.12.3, and 11.x before 11.5.1; Certified Asterisk 1.8.15 before 1.8.15-cert3 and 11.2 before 11.2-cert2; and Asterisk Digiumphones 10.x-digiumphones before 10.12.3-digiumphones allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and daemon crash) via an invalid SDP that defines a media description before the connection description in a SIP request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "54534", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54534" + }, + { + "name": "96690", + "refsource": "OSVDB", + "url": "http://osvdb.org/96690" + }, + { + "name": "http://downloads.asterisk.org/pub/security/AST-2013-005.html", + "refsource": "CONFIRM", + "url": "http://downloads.asterisk.org/pub/security/AST-2013-005.html" + }, + { + "name": "54617", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54617" + }, + { + "name": "DSA-2749", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2749" + }, + { + "name": "https://issues.asterisk.org/jira/browse/ASTERISK-22007", + "refsource": "CONFIRM", + "url": "https://issues.asterisk.org/jira/browse/ASTERISK-22007" + }, + { + "name": "1028957", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1028957" + }, + { + "name": "62022", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/62022" + }, + { + "name": "20130827 AST-2013-005: Remote Crash when Invalid SDP is sent in SIP Request", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0174.html" + }, + { + "name": "MDVSA-2013:223", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:223" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5645.json b/2013/5xxx/CVE-2013-5645.json index 8b57f0f1042..43ffed133c8 100644 --- a/2013/5xxx/CVE-2013-5645.json +++ b/2013/5xxx/CVE-2013-5645.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5645", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Roundcube webmail before 0.9.3 allow user-assisted remote attackers to inject arbitrary web script or HTML via the body of a message visited in (1) new or (2) draft mode, related to compose.inc; and (3) might allow remote authenticated users to inject arbitrary web script or HTML via an HTML signature, related to save_identity.inc." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5645", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://trac.roundcube.net/changeset/93b0a30c1c8aa29d862b587b31e52bcc344b8d16/github", - "refsource" : "CONFIRM", - "url" : "http://trac.roundcube.net/changeset/93b0a30c1c8aa29d862b587b31e52bcc344b8d16/github" - }, - { - "name" : "http://trac.roundcube.net/changeset/ce5a6496fd6039962ba7424d153278e41ae8761b/github", - "refsource" : "CONFIRM", - "url" : "http://trac.roundcube.net/changeset/ce5a6496fd6039962ba7424d153278e41ae8761b/github" - }, - { - "name" : "http://trac.roundcube.net/ticket/1489251", - "refsource" : "CONFIRM", - "url" : "http://trac.roundcube.net/ticket/1489251" - }, - { - "name" : "http://trac.roundcube.net/wiki/Changelog#RELEASE0.9.3", - "refsource" : "CONFIRM", - "url" : "http://trac.roundcube.net/wiki/Changelog#RELEASE0.9.3" - }, - { - "name" : "openSUSE-SU-2013:1420", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-09/msg00018.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Roundcube webmail before 0.9.3 allow user-assisted remote attackers to inject arbitrary web script or HTML via the body of a message visited in (1) new or (2) draft mode, related to compose.inc; and (3) might allow remote authenticated users to inject arbitrary web script or HTML via an HTML signature, related to save_identity.inc." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://trac.roundcube.net/changeset/ce5a6496fd6039962ba7424d153278e41ae8761b/github", + "refsource": "CONFIRM", + "url": "http://trac.roundcube.net/changeset/ce5a6496fd6039962ba7424d153278e41ae8761b/github" + }, + { + "name": "http://trac.roundcube.net/changeset/93b0a30c1c8aa29d862b587b31e52bcc344b8d16/github", + "refsource": "CONFIRM", + "url": "http://trac.roundcube.net/changeset/93b0a30c1c8aa29d862b587b31e52bcc344b8d16/github" + }, + { + "name": "openSUSE-SU-2013:1420", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00018.html" + }, + { + "name": "http://trac.roundcube.net/wiki/Changelog#RELEASE0.9.3", + "refsource": "CONFIRM", + "url": "http://trac.roundcube.net/wiki/Changelog#RELEASE0.9.3" + }, + { + "name": "http://trac.roundcube.net/ticket/1489251", + "refsource": "CONFIRM", + "url": "http://trac.roundcube.net/ticket/1489251" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5980.json b/2013/5xxx/CVE-2013-5980.json index 842cc95a613..dadcdc5f0c8 100644 --- a/2013/5xxx/CVE-2013-5980.json +++ b/2013/5xxx/CVE-2013-5980.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5980", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5980", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2082.json b/2014/2xxx/CVE-2014-2082.json index faf87afb47b..5a7e922de6b 100644 --- a/2014/2xxx/CVE-2014-2082.json +++ b/2014/2xxx/CVE-2014-2082.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2082", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2082", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2209.json b/2014/2xxx/CVE-2014-2209.json index c8ba03c43cb..f23bdd2ff30 100644 --- a/2014/2xxx/CVE-2014-2209.json +++ b/2014/2xxx/CVE-2014-2209.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2209", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Facebook HipHop Virtual Machine (HHVM) before 3.1.0 does not drop supplemental group memberships within hphp/util/capability.cpp and hphp/util/light-process.cpp, which allows remote attackers to bypass intended access restrictions by leveraging group permissions for a file or directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2209", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/facebook/hhvm/commit/851fff90a9b7461df2393af32239ba217bc25946", - "refsource" : "CONFIRM", - "url" : "https://github.com/facebook/hhvm/commit/851fff90a9b7461df2393af32239ba217bc25946" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Facebook HipHop Virtual Machine (HHVM) before 3.1.0 does not drop supplemental group memberships within hphp/util/capability.cpp and hphp/util/light-process.cpp, which allows remote attackers to bypass intended access restrictions by leveraging group permissions for a file or directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/facebook/hhvm/commit/851fff90a9b7461df2393af32239ba217bc25946", + "refsource": "CONFIRM", + "url": "https://github.com/facebook/hhvm/commit/851fff90a9b7461df2393af32239ba217bc25946" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6037.json b/2014/6xxx/CVE-2014-6037.json index b0e6e6f7c20..7934bb470a5 100644 --- a/2014/6xxx/CVE-2014-6037.json +++ b/2014/6xxx/CVE-2014-6037.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6037", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the agentUpload servlet in ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8.2 build 8020 allows remote attackers to execute arbitrary code by uploading a ZIP file which contains an executable file with .. (dot dot) sequences in its name, then accessing the executable via a direct request to the file under the web root." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-6037", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "34519", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/34519" - }, - { - "name" : "20140831 Mogwai Security Advisory MSA-2014-01: ManageEngine EventLog Analyzer Multiple Vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Aug/86" - }, - { - "name" : "20140903 Re: Mogwai Security Advisory MSA-2014-01: ManageEngine EventLog Analyzer Multiple Vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Sep/20" - }, - { - "name" : "20140903 Re: Mogwai Security Advisory MSA-2014-01: ManageEngine EventLog Analyzer Multiple Vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Sep/19" - }, - { - "name" : "20140901 [The ManageOwnage Series, part IV]: RCE / file upload in Eventlog Analyzer, feat. special guests h0ng10 and Mogwai Security", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Sep/1" - }, - { - "name" : "http://packetstormsecurity.com/files/128102/ManageEngine-EventLog-Analyzer-9.9-Authorization-Code-Execution.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/128102/ManageEngine-EventLog-Analyzer-9.9-Authorization-Code-Execution.html" - }, - { - "name" : "https://www.mogwaisecurity.de/advisories/MSA-2014-01.txt", - "refsource" : "MISC", - "url" : "https://www.mogwaisecurity.de/advisories/MSA-2014-01.txt" - }, - { - "name" : "https://github.com/rapid7/metasploit-framework/pull/3732", - "refsource" : "MISC", - "url" : "https://github.com/rapid7/metasploit-framework/pull/3732" - }, - { - "name" : "69482", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69482" - }, - { - "name" : "110642", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/show/osvdb/110642" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the agentUpload servlet in ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8.2 build 8020 allows remote attackers to execute arbitrary code by uploading a ZIP file which contains an executable file with .. (dot dot) sequences in its name, then accessing the executable via a direct request to the file under the web root." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/128102/ManageEngine-EventLog-Analyzer-9.9-Authorization-Code-Execution.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/128102/ManageEngine-EventLog-Analyzer-9.9-Authorization-Code-Execution.html" + }, + { + "name": "34519", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/34519" + }, + { + "name": "20140831 Mogwai Security Advisory MSA-2014-01: ManageEngine EventLog Analyzer Multiple Vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Aug/86" + }, + { + "name": "20140901 [The ManageOwnage Series, part IV]: RCE / file upload in Eventlog Analyzer, feat. special guests h0ng10 and Mogwai Security", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Sep/1" + }, + { + "name": "https://github.com/rapid7/metasploit-framework/pull/3732", + "refsource": "MISC", + "url": "https://github.com/rapid7/metasploit-framework/pull/3732" + }, + { + "name": "20140903 Re: Mogwai Security Advisory MSA-2014-01: ManageEngine EventLog Analyzer Multiple Vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Sep/19" + }, + { + "name": "69482", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69482" + }, + { + "name": "20140903 Re: Mogwai Security Advisory MSA-2014-01: ManageEngine EventLog Analyzer Multiple Vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Sep/20" + }, + { + "name": "https://www.mogwaisecurity.de/advisories/MSA-2014-01.txt", + "refsource": "MISC", + "url": "https://www.mogwaisecurity.de/advisories/MSA-2014-01.txt" + }, + { + "name": "110642", + "refsource": "OSVDB", + "url": "http://osvdb.org/show/osvdb/110642" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6234.json b/2014/6xxx/CVE-2014-6234.json index 5f5a59c5880..fa9cc7d1d88 100644 --- a/2014/6xxx/CVE-2014-6234.json +++ b/2014/6xxx/CVE-2014-6234.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6234", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Open Graph protocol (jh_opengraphprotocol) extension before 1.0.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-6234", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-010", - "refsource" : "MISC", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-010" - }, - { - "name" : "http://typo3.org/extensions/repository/view/jh_opengraphprotocol", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/extensions/repository/view/jh_opengraphprotocol" - }, - { - "name" : "69566", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69566" - }, - { - "name" : "60874", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60874" - }, - { - "name" : "opengraphprotocol-unspecified-xss(95704)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95704" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Open Graph protocol (jh_opengraphprotocol) extension before 1.0.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "69566", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69566" + }, + { + "name": "http://typo3.org/extensions/repository/view/jh_opengraphprotocol", + "refsource": "CONFIRM", + "url": "http://typo3.org/extensions/repository/view/jh_opengraphprotocol" + }, + { + "name": "60874", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60874" + }, + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-010", + "refsource": "MISC", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-010" + }, + { + "name": "opengraphprotocol-unspecified-xss(95704)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95704" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6254.json b/2014/6xxx/CVE-2014-6254.json index 44a62334579..82c12ac81b3 100644 --- a/2014/6xxx/CVE-2014-6254.json +++ b/2014/6xxx/CVE-2014-6254.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6254", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Zenoss Core through 5 Beta 3 allow remote attackers to inject arbitrary web script or HTML via an attribute in a (1) device name, (2) device detail, (3) report name, (4) report detail, or (5) portlet name, or (6) a string to a helper method, aka ZEN-15381 and ZEN-15410." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-6254", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing", - "refsource" : "CONFIRM", - "url" : "https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing" - }, - { - "name" : "VU#449452", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/449452" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Zenoss Core through 5 Beta 3 allow remote attackers to inject arbitrary web script or HTML via an attribute in a (1) device name, (2) device detail, (3) report name, (4) report detail, or (5) portlet name, or (6) a string to a helper method, aka ZEN-15381 and ZEN-15410." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#449452", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/449452" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing", + "refsource": "CONFIRM", + "url": "https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6545.json b/2014/6xxx/CVE-2014-6545.json index f9f1b0199e2..8262c47df1b 100644 --- a/2014/6xxx/CVE-2014-6545.json +++ b/2014/6xxx/CVE-2014-6545.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6545", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2014-6453, CVE-2014-6467, and CVE-2014-6560." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-6545", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" - }, - { - "name" : "70467", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70467" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2014-6453, CVE-2014-6467, and CVE-2014-6560." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" + }, + { + "name": "70467", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70467" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6792.json b/2014/6xxx/CVE-2014-6792.json index 5881f3036fa..82e88264b4b 100644 --- a/2014/6xxx/CVE-2014-6792.json +++ b/2014/6xxx/CVE-2014-6792.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6792", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Suriname Radio (aka com.wordbox.surinameRadio) application 1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6792", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#601153", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/601153" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Suriname Radio (aka com.wordbox.surinameRadio) application 1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#601153", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/601153" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0858.json b/2017/0xxx/CVE-2017-0858.json index 9f896f093f0..850879cbba8 100644 --- a/2017/0xxx/CVE-2017-0858.json +++ b/2017/0xxx/CVE-2017-0858.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2017-11-06T00:00:00", - "ID" : "CVE-2017-0858", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "7.0" - }, - { - "version_value" : "7.1.1" - }, - { - "version_value" : "7.1.2" - }, - { - "version_value" : "8.0" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Another vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64836894." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Other" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2017-11-06T00:00:00", + "ID": "CVE-2017-0858", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "7.0" + }, + { + "version_value": "7.1.1" + }, + { + "version_value": "7.1.2" + }, + { + "version_value": "8.0" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/pixel/2017-11-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/pixel/2017-11-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Another vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64836894." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Other" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/pixel/2017-11-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/pixel/2017-11-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0891.json b/2017/0xxx/CVE-2017-0891.json index 5d634fcc95d..b792c77bc84 100644 --- a/2017/0xxx/CVE-2017-0891.json +++ b/2017/0xxx/CVE-2017-0891.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "ID" : "CVE-2017-0891", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Nextcloud Server", - "version" : { - "version_data" : [ - { - "version_value" : "before 9.0.58 and 10.0.5 and 11.0.3" - } - ] - } - } - ] - }, - "vendor_name" : "Nextcloud" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Nextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 are vulnerable to an inadequate escaping of error messages leading to XSS vulnerabilities in multiple components." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "ID": "CVE-2017-0891", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Nextcloud Server", + "version": { + "version_data": [ + { + "version_value": "before 9.0.58 and 10.0.5 and 11.0.3" + } + ] + } + } + ] + }, + "vendor_name": "Nextcloud" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://hackerone.com/reports/216812", - "refsource" : "MISC", - "url" : "https://hackerone.com/reports/216812" - }, - { - "name" : "https://nextcloud.com/security/advisory/?id=nc-sa-2017-008", - "refsource" : "CONFIRM", - "url" : "https://nextcloud.com/security/advisory/?id=nc-sa-2017-008" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Nextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 are vulnerable to an inadequate escaping of error messages leading to XSS vulnerabilities in multiple components." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nextcloud.com/security/advisory/?id=nc-sa-2017-008", + "refsource": "CONFIRM", + "url": "https://nextcloud.com/security/advisory/?id=nc-sa-2017-008" + }, + { + "name": "https://hackerone.com/reports/216812", + "refsource": "MISC", + "url": "https://hackerone.com/reports/216812" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000019.json b/2017/1000xxx/CVE-2017-1000019.json index 3ae1624462f..2f7755902c6 100644 --- a/2017/1000xxx/CVE-2017-1000019.json +++ b/2017/1000xxx/CVE-2017-1000019.json @@ -1,21 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "DATE_ASSIGNED" : "2017-05-06T20:43:28.270261", - "ID" : "CVE-2017-1000019", - "REQUESTER" : "cmpilato@red-bean.com", - "STATE" : "REJECT", - "STATE_DETAIL" : "DUPLICATE of CVE-2017-5938" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-5938. Reason: This candidate is a reservation duplicate of CVE-2017-5938. Notes: All CVE users should reference CVE-2017-5938 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-1000019", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-5938. Reason: This candidate is a reservation duplicate of CVE-2017-5938. Notes: All CVE users should reference CVE-2017-5938 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000447.json b/2017/1000xxx/CVE-2017-1000447.json index 89ddce51808..5856df2118c 100644 --- a/2017/1000xxx/CVE-2017-1000447.json +++ b/2017/1000xxx/CVE-2017-1000447.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1000447", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-15955. Reason: This candidate is a reservation duplicate of CVE-2017-15955. Notes: All CVE users should reference CVE-2017-15955 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-1000447", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-15955. Reason: This candidate is a reservation duplicate of CVE-2017-15955. Notes: All CVE users should reference CVE-2017-15955 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18318.json b/2017/18xxx/CVE-2017-18318.json index 30feace972e..59506c0aec1 100644 --- a/2017/18xxx/CVE-2017-18318.json +++ b/2017/18xxx/CVE-2017-18318.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "ID" : "CVE-2017-18318", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Automobile, Snapdragon Mobile", - "version" : { - "version_data" : [ - { - "version_value" : "MSM8996AU, SD 410/12, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 810, SD 820, SD 820A" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Missing validation check on CRL issuer name in Snapdragon Automobile, Snapdragon Mobile in versions MSM8996AU, SD 410/12, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 810, SD 820, SD 820A." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Input Validation in Broadcast Services" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2017-18318", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Automobile, Snapdragon Mobile", + "version": { + "version_data": [ + { + "version_value": "MSM8996AU, SD 410/12, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 810, SD 820, SD 820A" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.qualcomm.com/company/product-security/bulletins", - "refsource" : "CONFIRM", - "url" : "https://www.qualcomm.com/company/product-security/bulletins" - }, - { - "name" : "105838", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105838" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Missing validation check on CRL issuer name in Snapdragon Automobile, Snapdragon Mobile in versions MSM8996AU, SD 410/12, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 810, SD 820, SD 820A." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Input Validation in Broadcast Services" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qualcomm.com/company/product-security/bulletins", + "refsource": "CONFIRM", + "url": "https://www.qualcomm.com/company/product-security/bulletins" + }, + { + "name": "105838", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105838" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1094.json b/2017/1xxx/CVE-2017-1094.json index 297b1c96dc8..253db0b4a90 100644 --- a/2017/1xxx/CVE-2017-1094.json +++ b/2017/1xxx/CVE-2017-1094.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1094", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1094", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1296.json b/2017/1xxx/CVE-2017-1296.json index 117a6030a22..fef3fe477c1 100644 --- a/2017/1xxx/CVE-2017-1296.json +++ b/2017/1xxx/CVE-2017-1296.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1296", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1296", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1771.json b/2017/1xxx/CVE-2017-1771.json index b4e01b916e4..7ddd758b396 100644 --- a/2017/1xxx/CVE-2017-1771.json +++ b/2017/1xxx/CVE-2017-1771.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1771", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1771", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1877.json b/2017/1xxx/CVE-2017-1877.json index 9b6629ba68d..ea6cbb84a54 100644 --- a/2017/1xxx/CVE-2017-1877.json +++ b/2017/1xxx/CVE-2017-1877.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1877", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-1877", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1951.json b/2017/1xxx/CVE-2017-1951.json index f83e901c1a3..de71393d529 100644 --- a/2017/1xxx/CVE-2017-1951.json +++ b/2017/1xxx/CVE-2017-1951.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1951", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-1951", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4314.json b/2017/4xxx/CVE-2017-4314.json index 57536cf1185..109c69c3f06 100644 --- a/2017/4xxx/CVE-2017-4314.json +++ b/2017/4xxx/CVE-2017-4314.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4314", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4314", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4354.json b/2017/4xxx/CVE-2017-4354.json index 8d02d2d09f9..d3e5431e723 100644 --- a/2017/4xxx/CVE-2017-4354.json +++ b/2017/4xxx/CVE-2017-4354.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4354", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4354", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4775.json b/2017/4xxx/CVE-2017-4775.json index 4bc2d6b1cc3..daeb29a1915 100644 --- a/2017/4xxx/CVE-2017-4775.json +++ b/2017/4xxx/CVE-2017-4775.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4775", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4775", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4843.json b/2017/4xxx/CVE-2017-4843.json index 7baf155575a..b5a2b93576d 100644 --- a/2017/4xxx/CVE-2017-4843.json +++ b/2017/4xxx/CVE-2017-4843.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4843", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4843", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4998.json b/2017/4xxx/CVE-2017-4998.json index 95a76e25b41..dc5626bfdde 100644 --- a/2017/4xxx/CVE-2017-4998.json +++ b/2017/4xxx/CVE-2017-4998.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security_alert@emc.com", - "ID" : "CVE-2017-4998", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "RSA Archer version 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1", - "version" : { - "version_data" : [ - { - "version_value" : "RSA Archer version 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is potentially affected by a cross-site request forgery vulnerability. A remote low privileged attacker may potentially exploit the vulnerability to execute unauthorized requests on behalf of the victim, using the authenticated user's privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Request Forgery Vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2017-4998", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "RSA Archer version 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1", + "version": { + "version_data": [ + { + "version_value": "RSA Archer version 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://seclists.org/fulldisclosure/2017/Jun/49", - "refsource" : "CONFIRM", - "url" : "http://seclists.org/fulldisclosure/2017/Jun/49" - }, - { - "name" : "99354", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99354" - }, - { - "name" : "1038815", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038815" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is potentially affected by a cross-site request forgery vulnerability. A remote low privileged attacker may potentially exploit the vulnerability to execute unauthorized requests on behalf of the victim, using the authenticated user's privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Request Forgery Vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99354", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99354" + }, + { + "name": "1038815", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038815" + }, + { + "name": "http://seclists.org/fulldisclosure/2017/Jun/49", + "refsource": "CONFIRM", + "url": "http://seclists.org/fulldisclosure/2017/Jun/49" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5853.json b/2017/5xxx/CVE-2017-5853.json index 2d77b686162..bbc3982bf19 100644 --- a/2017/5xxx/CVE-2017-5853.json +++ b/2017/5xxx/CVE-2017-5853.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5853", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in base/PdfParser.cpp in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5853", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blogs.gentoo.org/ago/2017/02/01/podofo-signed-integer-overflow-in-pdfparser-cpp/", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2017/02/01/podofo-signed-integer-overflow-in-pdfparser-cpp/" - }, - { - "name" : "96066", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96066" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in base/PdfParser.cpp in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96066", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96066" + }, + { + "name": "https://blogs.gentoo.org/ago/2017/02/01/podofo-signed-integer-overflow-in-pdfparser-cpp/", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2017/02/01/podofo-signed-integer-overflow-in-pdfparser-cpp/" + } + ] + } +} \ No newline at end of file