diff --git a/2001/0xxx/CVE-2001-0138.json b/2001/0xxx/CVE-2001-0138.json index 1b4328f7467..960a2c97a83 100644 --- a/2001/0xxx/CVE-2001-0138.json +++ b/2001/0xxx/CVE-2001-0138.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0138", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "privatepw program in wu-ftpd before 2.6.1-6 allows local users to overwrite arbitrary files via a symlink attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0138", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010110 Immunix OS Security update for lots of temp file problems", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=97916374410647&w=2" - }, - { - "name" : "MDKSA-2001-001", - "refsource" : "MANDRAKE", - "url" : "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-001.php3" - }, - { - "name" : "DSA-016", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2001/dsa-016" - }, - { - "name" : "2189", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2189" - }, - { - "name" : "linux-wuftpd-privatepw-symlink(5915)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5915" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "privatepw program in wu-ftpd before 2.6.1-6 allows local users to overwrite arbitrary files via a symlink attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20010110 Immunix OS Security update for lots of temp file problems", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=97916374410647&w=2" + }, + { + "name": "2189", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2189" + }, + { + "name": "MDKSA-2001-001", + "refsource": "MANDRAKE", + "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-001.php3" + }, + { + "name": "linux-wuftpd-privatepw-symlink(5915)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5915" + }, + { + "name": "DSA-016", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2001/dsa-016" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1214.json b/2001/1xxx/CVE-2001-1214.json index 825a6723820..81aa8fecda3 100644 --- a/2001/1xxx/CVE-2001-1214.json +++ b/2001/1xxx/CVE-2001-1214.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1214", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "manual.php in Marcus S. Xenakis Unix Manual 1.0 allows remote attackers to execute arbitrary code via a URL that contains shell metacharacters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1214", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20011215 *ALERT* \"Unix Manual\" PHP-Script allows arbitrary code execution", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/247332" - }, - { - "name" : "VU#672419", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/672419" - }, - { - "name" : "unixmanual-php-command-execution(7719)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/7719.php" - }, - { - "name" : "3718", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3718" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "manual.php in Marcus S. Xenakis Unix Manual 1.0 allows remote attackers to execute arbitrary code via a URL that contains shell metacharacters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "unixmanual-php-command-execution(7719)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/7719.php" + }, + { + "name": "VU#672419", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/672419" + }, + { + "name": "3718", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3718" + }, + { + "name": "20011215 *ALERT* \"Unix Manual\" PHP-Script allows arbitrary code execution", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/247332" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1414.json b/2001/1xxx/CVE-2001-1414.json index c1124166d7c..4fec856d59c 100644 --- a/2001/1xxx/CVE-2001-1414.json +++ b/2001/1xxx/CVE-2001-1414.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1414", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Basic Security Module (BSM) for Solaris 2.5.1, 2.6, 7, and 8 does not log anonymous FTP access, which allows remote attackers to hide their activities, possibly when certain BSM audit files are not present under the FTP root." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1414", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "40521", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-40521-1" - }, - { - "name" : "7396", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/7396" - }, - { - "name" : "solaris-bsm-no-audit(11841)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11841" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Basic Security Module (BSM) for Solaris 2.5.1, 2.6, 7, and 8 does not log anonymous FTP access, which allows remote attackers to hide their activities, possibly when certain BSM audit files are not present under the FTP root." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "40521", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-40521-1" + }, + { + "name": "7396", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/7396" + }, + { + "name": "solaris-bsm-no-audit(11841)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11841" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1533.json b/2001/1xxx/CVE-2001-1533.json index d01c884446e..1cc0a6b6e45 100644 --- a/2001/1xxx/CVE-2001-1533.json +++ b/2001/1xxx/CVE-2001-1533.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1533", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED * Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service via a flood of fragmented UDP packets. NOTE: the vendor disputes this issue, saying that it requires high bandwidth to exploit, and the server does not experience any instability. Therefore this \"laws of physics\" issue might not be included in CVE." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1533", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20011102 Microsoft ISA Server Fragmented Udp Flood Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://cert.uni-stuttgart.de/archive/bugtraq/2001/11/msg00018.html" - }, - { - "name" : "20051101 RE: Microsoft ISA Server Fragmented Udp Flood Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://cert.uni-stuttgart.de/archive/bugtraq/2001/11/msg00031.html" - }, - { - "name" : "3501", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3501" - }, - { - "name" : "isa-udp-flood-dos(7446)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/7446.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED * Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service via a flood of fragmented UDP packets. NOTE: the vendor disputes this issue, saying that it requires high bandwidth to exploit, and the server does not experience any instability. Therefore this \"laws of physics\" issue might not be included in CVE." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3501", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3501" + }, + { + "name": "isa-udp-flood-dos(7446)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/7446.php" + }, + { + "name": "20051101 RE: Microsoft ISA Server Fragmented Udp Flood Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://cert.uni-stuttgart.de/archive/bugtraq/2001/11/msg00031.html" + }, + { + "name": "20011102 Microsoft ISA Server Fragmented Udp Flood Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://cert.uni-stuttgart.de/archive/bugtraq/2001/11/msg00018.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2038.json b/2006/2xxx/CVE-2006-2038.json index 3ec34940448..8fa0c6aa967 100644 --- a/2006/2xxx/CVE-2006-2038.json +++ b/2006/2xxx/CVE-2006-2038.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2038", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in ampleShop 2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) RecordID parameter in (a) Customeraddresses_RecordAction.cfm and (b) youraccount.cfm; (2) solus parameter in (c) detail.cfm; and (3) cat parameter in (d) category.cfm." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2038", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2006/04/ampleshop-ecommerce-software-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2006/04/ampleshop-ecommerce-software-vuln.html" - }, - { - "name" : "ADV-2006-1512", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1512" - }, - { - "name" : "24934", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24934" - }, - { - "name" : "24935", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24935" - }, - { - "name" : "24936", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24936" - }, - { - "name" : "24937", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/24937" - }, - { - "name" : "19806", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19806" - }, - { - "name" : "ampleshop-multiple-sql-injection(26064)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26064" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in ampleShop 2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) RecordID parameter in (a) Customeraddresses_RecordAction.cfm and (b) youraccount.cfm; (2) solus parameter in (c) detail.cfm; and (3) cat parameter in (d) category.cfm." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-1512", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1512" + }, + { + "name": "ampleshop-multiple-sql-injection(26064)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26064" + }, + { + "name": "19806", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19806" + }, + { + "name": "24934", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24934" + }, + { + "name": "24937", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24937" + }, + { + "name": "24935", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24935" + }, + { + "name": "http://pridels0.blogspot.com/2006/04/ampleshop-ecommerce-software-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2006/04/ampleshop-ecommerce-software-vuln.html" + }, + { + "name": "24936", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/24936" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2322.json b/2006/2xxx/CVE-2006-2322.json index fa755312a73..aff755ffe3e 100644 --- a/2006/2xxx/CVE-2006-2322.json +++ b/2006/2xxx/CVE-2006-2322.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2322", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The transparent proxy feature of the Cisco Application Velocity System (AVS) 3110 5.0 and 4.0 and earlier, and 3120 5.0.0 and earlier, has a default configuration that allows remote attackers to proxy arbitrary TCP connections, aka Bug ID CSCsd32143." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2322", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060510 AVS TCP Relay Vulnerability", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/cisco-sa-20060510-avs.shtml" - }, - { - "name" : "17937", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17937" - }, - { - "name" : "ADV-2006-1762", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1762" - }, - { - "name" : "25459", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25459" - }, - { - "name" : "1016056", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016056" - }, - { - "name" : "20079", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20079" - }, - { - "name" : "cisco-avs-unauth-tcp-relay(26351)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26351" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The transparent proxy feature of the Cisco Application Velocity System (AVS) 3110 5.0 and 4.0 and earlier, and 3120 5.0.0 and earlier, has a default configuration that allows remote attackers to proxy arbitrary TCP connections, aka Bug ID CSCsd32143." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1016056", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016056" + }, + { + "name": "cisco-avs-unauth-tcp-relay(26351)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26351" + }, + { + "name": "ADV-2006-1762", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1762" + }, + { + "name": "17937", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17937" + }, + { + "name": "20079", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20079" + }, + { + "name": "25459", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25459" + }, + { + "name": "20060510 AVS TCP Relay Vulnerability", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/cisco-sa-20060510-avs.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2778.json b/2006/2xxx/CVE-2006-2778.json index 816e43621c3..05cd3a00fc4 100644 --- a/2006/2xxx/CVE-2006-2778.json +++ b/2006/2xxx/CVE-2006-2778.json @@ -1,342 +1,342 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2778", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The crypto.signText function in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to execute arbitrary code via certain optional Certificate Authority name arguments, which causes an invalid array index and triggers a buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2778", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060602 rPSA-2006-0091-1 firefox thunderbird", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/435795/100/0/threaded" - }, - { - "name" : "http://www.mozilla.org/security/announce/2006/mfsa2006-38.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2006/mfsa2006-38.html" - }, - { - "name" : "DSA-1118", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1118" - }, - { - "name" : "DSA-1120", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1120" - }, - { - "name" : "DSA-1134", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1134" - }, - { - "name" : "GLSA-200606-12", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200606-12.xml" - }, - { - "name" : "GLSA-200606-21", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200606-21.xml" - }, - { - "name" : "HPSBUX02153", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/446658/100/200/threaded" - }, - { - "name" : "SSRT061181", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/446658/100/200/threaded" - }, - { - "name" : "HPSBUX02156", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/446657/100/200/threaded" - }, - { - "name" : "SSRT061236", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/446657/100/200/threaded" - }, - { - "name" : "MDKSA-2006:143", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:143" - }, - { - "name" : "MDKSA-2006:145", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:145" - }, - { - "name" : "MDKSA-2006:146", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:146" - }, - { - "name" : "RHSA-2006:0578", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0578.html" - }, - { - "name" : "RHSA-2006:0610", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0610.html" - }, - { - "name" : "RHSA-2006:0611", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0611.html" - }, - { - "name" : "RHSA-2006:0609", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2006-0609.html" - }, - { - "name" : "RHSA-2006:0594", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0594.html" - }, - { - "name" : "102763", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102763-1" - }, - { - "name" : "SUSE-SA:2006:035", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_35_mozilla.html" - }, - { - "name" : "USN-296-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/296-1/" - }, - { - "name" : "USN-297-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/297-1/" - }, - { - "name" : "USN-296-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/296-2/" - }, - { - "name" : "USN-297-3", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/297-3/" - }, - { - "name" : "USN-323-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/323-1/" - }, - { - "name" : "VU#421529", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/421529" - }, - { - "name" : "TA06-153A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-153A.html" - }, - { - "name" : "18228", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18228" - }, - { - "name" : "oval:org.mitre.oval:def:9703", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9703" - }, - { - "name" : "ADV-2006-2106", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2106" - }, - { - "name" : "ADV-2007-0058", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0058" - }, - { - "name" : "ADV-2006-3748", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3748" - }, - { - "name" : "ADV-2006-3749", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3749" - }, - { - "name" : "ADV-2008-0083", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0083" - }, - { - "name" : "1016202", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016202" - }, - { - "name" : "1016214", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016214" - }, - { - "name" : "20376", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20376" - }, - { - "name" : "20382", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20382" - }, - { - "name" : "20561", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20561" - }, - { - "name" : "20709", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20709" - }, - { - "name" : "21134", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21134" - }, - { - "name" : "21183", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21183" - }, - { - "name" : "21176", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21176" - }, - { - "name" : "21178", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21178" - }, - { - "name" : "21188", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21188" - }, - { - "name" : "21210", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21210" - }, - { - "name" : "21269", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21269" - }, - { - "name" : "21270", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21270" - }, - { - "name" : "21336", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21336" - }, - { - "name" : "21324", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21324" - }, - { - "name" : "21532", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21532" - }, - { - "name" : "21607", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21607" - }, - { - "name" : "21631", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21631" - }, - { - "name" : "22065", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22065" - }, - { - "name" : "22066", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22066" - }, - { - "name" : "mozilla-crypto-signtext-bo(26849)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26849" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The crypto.signText function in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to execute arbitrary code via certain optional Certificate Authority name arguments, which causes an invalid array index and triggers a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20709", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20709" + }, + { + "name": "21176", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21176" + }, + { + "name": "MDKSA-2006:145", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:145" + }, + { + "name": "ADV-2006-3748", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3748" + }, + { + "name": "USN-297-3", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/297-3/" + }, + { + "name": "USN-296-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/296-1/" + }, + { + "name": "USN-323-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/323-1/" + }, + { + "name": "20561", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20561" + }, + { + "name": "TA06-153A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-153A.html" + }, + { + "name": "21210", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21210" + }, + { + "name": "ADV-2007-0058", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0058" + }, + { + "name": "RHSA-2006:0594", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0594.html" + }, + { + "name": "21336", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21336" + }, + { + "name": "20382", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20382" + }, + { + "name": "1016214", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016214" + }, + { + "name": "20060602 rPSA-2006-0091-1 firefox thunderbird", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/435795/100/0/threaded" + }, + { + "name": "ADV-2006-3749", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3749" + }, + { + "name": "RHSA-2006:0610", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0610.html" + }, + { + "name": "20376", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20376" + }, + { + "name": "MDKSA-2006:146", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:146" + }, + { + "name": "RHSA-2006:0609", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2006-0609.html" + }, + { + "name": "21178", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21178" + }, + { + "name": "1016202", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016202" + }, + { + "name": "21607", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21607" + }, + { + "name": "http://www.mozilla.org/security/announce/2006/mfsa2006-38.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-38.html" + }, + { + "name": "18228", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18228" + }, + { + "name": "21532", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21532" + }, + { + "name": "21270", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21270" + }, + { + "name": "ADV-2008-0083", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0083" + }, + { + "name": "21188", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21188" + }, + { + "name": "21134", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21134" + }, + { + "name": "21631", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21631" + }, + { + "name": "SSRT061181", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/446658/100/200/threaded" + }, + { + "name": "SSRT061236", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/446657/100/200/threaded" + }, + { + "name": "USN-296-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/296-2/" + }, + { + "name": "GLSA-200606-21", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-21.xml" + }, + { + "name": "DSA-1118", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1118" + }, + { + "name": "HPSBUX02153", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/446658/100/200/threaded" + }, + { + "name": "DSA-1120", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1120" + }, + { + "name": "RHSA-2006:0611", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0611.html" + }, + { + "name": "mozilla-crypto-signtext-bo(26849)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26849" + }, + { + "name": "HPSBUX02156", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/446657/100/200/threaded" + }, + { + "name": "DSA-1134", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1134" + }, + { + "name": "GLSA-200606-12", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-12.xml" + }, + { + "name": "21324", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21324" + }, + { + "name": "21183", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21183" + }, + { + "name": "102763", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102763-1" + }, + { + "name": "22066", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22066" + }, + { + "name": "21269", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21269" + }, + { + "name": "SUSE-SA:2006:035", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_35_mozilla.html" + }, + { + "name": "USN-297-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/297-1/" + }, + { + "name": "RHSA-2006:0578", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0578.html" + }, + { + "name": "ADV-2006-2106", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2106" + }, + { + "name": "MDKSA-2006:143", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:143" + }, + { + "name": "22065", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22065" + }, + { + "name": "oval:org.mitre.oval:def:9703", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9703" + }, + { + "name": "VU#421529", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/421529" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3100.json b/2006/3xxx/CVE-2006-3100.json index 5396c6aa16a..4a410b31071 100644 --- a/2006/3xxx/CVE-2006-3100.json +++ b/2006/3xxx/CVE-2006-3100.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3100", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3100", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6089.json b/2006/6xxx/CVE-2006-6089.json index 0e3f9378cbe..59af5a012a2 100644 --- a/2006/6xxx/CVE-2006-6089.json +++ b/2006/6xxx/CVE-2006-6089.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6089", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in addpost1.asp in BaalAsp forum allow remote attackers to inject arbitrary web script or HTML via the (1) title (Subject), (2) groupname (Group Name), or (3) detail (Message) field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6089", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061115 BaalAsp forum [login bypass ,injections sql(post), xss(post)]", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/451846/100/100/threaded" - }, - { - "name" : "http://s-a-p.ca/index.php?page=OurAdvisories&id=35", - "refsource" : "MISC", - "url" : "http://s-a-p.ca/index.php?page=OurAdvisories&id=35" - }, - { - "name" : "21111", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21111" - }, - { - "name" : "ADV-2006-4579", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4579" - }, - { - "name" : "22943", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22943" - }, - { - "name" : "1913", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1913" - }, - { - "name" : "baalasp-addpost1-xss(30344)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30344" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in addpost1.asp in BaalAsp forum allow remote attackers to inject arbitrary web script or HTML via the (1) title (Subject), (2) groupname (Group Name), or (3) detail (Message) field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21111", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21111" + }, + { + "name": "20061115 BaalAsp forum [login bypass ,injections sql(post), xss(post)]", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/451846/100/100/threaded" + }, + { + "name": "22943", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22943" + }, + { + "name": "http://s-a-p.ca/index.php?page=OurAdvisories&id=35", + "refsource": "MISC", + "url": "http://s-a-p.ca/index.php?page=OurAdvisories&id=35" + }, + { + "name": "1913", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1913" + }, + { + "name": "baalasp-addpost1-xss(30344)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30344" + }, + { + "name": "ADV-2006-4579", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4579" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6214.json b/2006/6xxx/CVE-2006-6214.json index b57890e55a3..21c390ab474 100644 --- a/2006/6xxx/CVE-2006-6214.json +++ b/2006/6xxx/CVE-2006-6214.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6214", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in wallpaper.php in Wallpaper Website (Wallpaper Complete Website) 1.0.09 allows remote attackers to execute arbitrary SQL commands via the wallpaperid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6214", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2835", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2835" - }, - { - "name" : "21274", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21274" - }, - { - "name" : "ADV-2006-4687", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4687" - }, - { - "name" : "23084", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23084" - }, - { - "name" : "wallpaperwebsite-wallpaper-sql-injection(30528)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30528" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in wallpaper.php in Wallpaper Website (Wallpaper Complete Website) 1.0.09 allows remote attackers to execute arbitrary SQL commands via the wallpaperid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2835", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2835" + }, + { + "name": "21274", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21274" + }, + { + "name": "ADV-2006-4687", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4687" + }, + { + "name": "wallpaperwebsite-wallpaper-sql-injection(30528)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30528" + }, + { + "name": "23084", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23084" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6262.json b/2006/6xxx/CVE-2006-6262.json index 9c211a9b355..907098c521d 100644 --- a/2006/6xxx/CVE-2006-6262.json +++ b/2006/6xxx/CVE-2006-6262.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6262", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in mboard.php in PHPJunkYard (aka Klemen Stirn) MBoard 1.22 and earlier allows remote attackers to create arbitrary empty files via a .. (dot dot) in the orig_id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6262", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061127 MHL-2006-003 Public Advisory: \"mboard\" file creation issue", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/452772/100/0/threaded" - }, - { - "name" : "http://www.mayhemiclabs.com/advisories/MHL-2006-004.txt", - "refsource" : "MISC", - "url" : "http://www.mayhemiclabs.com/advisories/MHL-2006-004.txt" - }, - { - "name" : "http://www.mayhemiclabs.com/wiki/wikka.php?wakka=MHL2006004", - "refsource" : "MISC", - "url" : "http://www.mayhemiclabs.com/wiki/wikka.php?wakka=MHL2006004" - }, - { - "name" : "21304", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21304" - }, - { - "name" : "ADV-2006-4769", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4769" - }, - { - "name" : "23129", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23129" - }, - { - "name" : "1988", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1988" - }, - { - "name" : "mboard-origid-directory-traversal(30558)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30558" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in mboard.php in PHPJunkYard (aka Klemen Stirn) MBoard 1.22 and earlier allows remote attackers to create arbitrary empty files via a .. (dot dot) in the orig_id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-4769", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4769" + }, + { + "name": "http://www.mayhemiclabs.com/wiki/wikka.php?wakka=MHL2006004", + "refsource": "MISC", + "url": "http://www.mayhemiclabs.com/wiki/wikka.php?wakka=MHL2006004" + }, + { + "name": "1988", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1988" + }, + { + "name": "http://www.mayhemiclabs.com/advisories/MHL-2006-004.txt", + "refsource": "MISC", + "url": "http://www.mayhemiclabs.com/advisories/MHL-2006-004.txt" + }, + { + "name": "21304", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21304" + }, + { + "name": "20061127 MHL-2006-003 Public Advisory: \"mboard\" file creation issue", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/452772/100/0/threaded" + }, + { + "name": "mboard-origid-directory-traversal(30558)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30558" + }, + { + "name": "23129", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23129" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6589.json b/2006/6xxx/CVE-2006-6589.json index 95f8356f8bc..0c69e416007 100644 --- a/2006/6xxx/CVE-2006-6589.json +++ b/2006/6xxx/CVE-2006-6589.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6589", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6589", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://jira.undersunconsulting.com/browse/OFBIZ-559", - "refsource" : "MISC", - "url" : "http://jira.undersunconsulting.com/browse/OFBIZ-559" - }, - { - "name" : "https://issues.apache.org/jira/browse/OFBIZ-260", - "refsource" : "CONFIRM", - "url" : "https://issues.apache.org/jira/browse/OFBIZ-260" - }, - { - "name" : "21702", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21702" - }, - { - "name" : "23457", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23457" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "23457", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23457" + }, + { + "name": "http://jira.undersunconsulting.com/browse/OFBIZ-559", + "refsource": "MISC", + "url": "http://jira.undersunconsulting.com/browse/OFBIZ-559" + }, + { + "name": "https://issues.apache.org/jira/browse/OFBIZ-260", + "refsource": "CONFIRM", + "url": "https://issues.apache.org/jira/browse/OFBIZ-260" + }, + { + "name": "21702", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21702" + } + ] + } +} \ No newline at end of file diff --git a/2006/7xxx/CVE-2006-7047.json b/2006/7xxx/CVE-2006-7047.json index f2ab6373472..eb7497b6660 100644 --- a/2006/7xxx/CVE-2006-7047.json +++ b/2006/7xxx/CVE-2006-7047.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-7047", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "include.php in Shoutpro 1.0 might allow remote attackers to bypass IP ban restrictions via a URL in the path parameter that points to an alternate bannedips.php file. NOTE: this issue was originally reported as remote file inclusion, but CVE analysis suggests that this cannot be used for code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-7047", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060613 Re: Shoutpro 1.0 Version - Remote File Include Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/436997/30/4410/threaded" - }, - { - "name" : "20060613 Shoutpro 1.0 Version - Remote File Include Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/436975/30/4440/threaded" - }, - { - "name" : "2303", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2303" - }, - { - "name" : "shoutpro-include-file-include(27111)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27111" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "include.php in Shoutpro 1.0 might allow remote attackers to bypass IP ban restrictions via a URL in the path parameter that points to an alternate bannedips.php file. NOTE: this issue was originally reported as remote file inclusion, but CVE analysis suggests that this cannot be used for code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "shoutpro-include-file-include(27111)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27111" + }, + { + "name": "20060613 Re: Shoutpro 1.0 Version - Remote File Include Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/436997/30/4410/threaded" + }, + { + "name": "2303", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2303" + }, + { + "name": "20060613 Shoutpro 1.0 Version - Remote File Include Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/436975/30/4440/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0374.json b/2011/0xxx/CVE-2011-0374.json index 7b5ef39466f..de45f2af160 100644 --- a/2011/0xxx/CVE-2011-0374.json +++ b/2011/0xxx/CVE-2011-0374.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0374", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The CGI implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x allows remote authenticated users to execute arbitrary commands via a malformed request, related to \"command injection vulnerabilities,\" aka Bug ID CSCtb31659." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2011-0374", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110223 Multiple Vulnerabilities in Cisco TelePresence Endpoint Devices", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e152.shtml" - }, - { - "name" : "1025112", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025112" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The CGI implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x allows remote authenticated users to execute arbitrary commands via a malformed request, related to \"command injection vulnerabilities,\" aka Bug ID CSCtb31659." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1025112", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025112" + }, + { + "name": "20110223 Multiple Vulnerabilities in Cisco TelePresence Endpoint Devices", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e152.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0675.json b/2011/0xxx/CVE-2011-0675.json index 0579770b0f4..a6dd088d73f 100644 --- a/2011/0xxx/CVE-2011-0675.json +++ b/2011/0xxx/CVE-2011-0675.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0675", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other \"Vulnerability Type 1\" CVEs listed in MS11-034, aka \"Win32k Use After Free Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2011-0675", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx", - "refsource" : "MISC", - "url" : "http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx" - }, - { - "name" : "http://support.avaya.com/css/P8/documents/100133352", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100133352" - }, - { - "name" : "MS11-034", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-034" - }, - { - "name" : "TA11-102A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA11-102A.html" - }, - { - "name" : "47210", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47210" - }, - { - "name" : "71748", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/71748" - }, - { - "name" : "oval:org.mitre.oval:def:12183", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12183" - }, - { - "name" : "1025345", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025345" - }, - { - "name" : "44156", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44156" - }, - { - "name" : "ADV-2011-0952", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0952" - }, - { - "name" : "mswin-win32k-var10-priv-escalation(66404)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66404" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other \"Vulnerability Type 1\" CVEs listed in MS11-034, aka \"Win32k Use After Free Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA11-102A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html" + }, + { + "name": "MS11-034", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-034" + }, + { + "name": "ADV-2011-0952", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0952" + }, + { + "name": "mswin-win32k-var10-priv-escalation(66404)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66404" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100133352", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100133352" + }, + { + "name": "44156", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44156" + }, + { + "name": "http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx", + "refsource": "MISC", + "url": "http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx" + }, + { + "name": "oval:org.mitre.oval:def:12183", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12183" + }, + { + "name": "1025345", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025345" + }, + { + "name": "71748", + "refsource": "OSVDB", + "url": "http://osvdb.org/71748" + }, + { + "name": "47210", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47210" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0937.json b/2011/0xxx/CVE-2011-0937.json index 12fdb69dff8..1abb4e8138c 100644 --- a/2011/0xxx/CVE-2011-0937.json +++ b/2011/0xxx/CVE-2011-0937.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0937", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0937", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2131.json b/2011/2xxx/CVE-2011-2131.json index 74372059996..a682b93c61a 100644 --- a/2011/2xxx/CVE-2011-2131.json +++ b/2011/2xxx/CVE-2011-2131.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2131", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Photoshop 12.0 in Creative Suite 5 (CS5) and 12.1 in Creative Suite 5.1 (CS5.1) allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted GIF file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2011-2131", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb11-22.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb11-22.html" - }, - { - "name" : "TA11-222A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA11-222A.html" - }, - { - "name" : "8347", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8347" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Photoshop 12.0 in Creative Suite 5 (CS5) and 12.1 in Creative Suite 5.1 (CS5.1) allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted GIF file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA11-222A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA11-222A.html" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb11-22.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb11-22.html" + }, + { + "name": "8347", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8347" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2459.json b/2011/2xxx/CVE-2011-2459.json index ff3b22ab2dd..355e799aac9 100644 --- a/2011/2xxx/CVE-2011-2459.json +++ b/2011/2xxx/CVE-2011-2459.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2459", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, and CVE-2011-2460." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2011-2459", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb11-28.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb11-28.html" - }, - { - "name" : "GLSA-201204-07", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201204-07.xml" - }, - { - "name" : "RHSA-2011:1445", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-1445.html" - }, - { - "name" : "SUSE-SA:2011:043", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00019.html" - }, - { - "name" : "SUSE-SU-2011:1244", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00017.html" - }, - { - "name" : "openSUSE-SU-2011:1240", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00014.html" - }, - { - "name" : "oval:org.mitre.oval:def:13904", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13904" - }, - { - "name" : "oval:org.mitre.oval:def:15756", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15756" - }, - { - "name" : "48819", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48819" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, and CVE-2011-2460." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:13904", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13904" + }, + { + "name": "openSUSE-SU-2011:1240", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00014.html" + }, + { + "name": "SUSE-SA:2011:043", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00019.html" + }, + { + "name": "SUSE-SU-2011:1244", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00017.html" + }, + { + "name": "oval:org.mitre.oval:def:15756", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15756" + }, + { + "name": "GLSA-201204-07", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201204-07.xml" + }, + { + "name": "RHSA-2011:1445", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-1445.html" + }, + { + "name": "48819", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48819" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb11-28.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb11-28.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3492.json b/2011/3xxx/CVE-2011-3492.json index 7640accc5a5..1d1616277e2 100644 --- a/2011/3xxx/CVE-2011-3492.json +++ b/2011/3xxx/CVE-2011-3492.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3492", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in Azeotech DAQFactory 5.85 build 1853 and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a crafted NETB packet to UDP port 20034." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3492", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "17855", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/17855" - }, - { - "name" : "http://aluigi.altervista.org/adv/daqfactory_1-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/daqfactory_1-adv.txt" - }, - { - "name" : "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-02.pdf", - "refsource" : "MISC", - "url" : "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-02.pdf" - }, - { - "name" : "75496", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/75496" - }, - { - "name" : "daqfactory-netb-bo(69764)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/69764" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in Azeotech DAQFactory 5.85 build 1853 and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a crafted NETB packet to UDP port 20034." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "daqfactory-netb-bo(69764)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69764" + }, + { + "name": "http://aluigi.altervista.org/adv/daqfactory_1-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/daqfactory_1-adv.txt" + }, + { + "name": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-02.pdf", + "refsource": "MISC", + "url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-02.pdf" + }, + { + "name": "17855", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/17855" + }, + { + "name": "75496", + "refsource": "OSVDB", + "url": "http://osvdb.org/75496" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3729.json b/2011/3xxx/CVE-2011-3729.json index ae27f983f11..c53540ef670 100644 --- a/2011/3xxx/CVE-2011-3729.json +++ b/2011/3xxx/CVE-2011-3729.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3729", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "dotproject 2.1.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by style/dp-grey-theme/footer.php and certain other files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3729", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/06/27/6" - }, - { - "name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", - "refsource" : "MISC", - "url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" - }, - { - "name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/dotproject-2.1.4", - "refsource" : "MISC", - "url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/dotproject-2.1.4" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "dotproject 2.1.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by style/dp-grey-theme/footer.php and certain other files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6" + }, + { + "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/dotproject-2.1.4", + "refsource": "MISC", + "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/dotproject-2.1.4" + }, + { + "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", + "refsource": "MISC", + "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3941.json b/2011/3xxx/CVE-2011-3941.json index 2de64f1751b..ce48be0744a 100644 --- a/2011/3xxx/CVE-2011-3941.json +++ b/2011/3xxx/CVE-2011-3941.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3941", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The decode_mb function in libavcodec/error_resilience.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via vectors related to an uninitialized block index, which triggers an out-of-bounds write." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2011-3941", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=c77be3a35a0160d6af88056b0899f120f2eef38e", - "refsource" : "CONFIRM", - "url" : "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=c77be3a35a0160d6af88056b0899f120f2eef38e" - }, - { - "name" : "http://www.ffmpeg.org/security.html", - "refsource" : "CONFIRM", - "url" : "http://www.ffmpeg.org/security.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The decode_mb function in libavcodec/error_resilience.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via vectors related to an uninitialized block index, which triggers an out-of-bounds write." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ffmpeg.org/security.html", + "refsource": "CONFIRM", + "url": "http://www.ffmpeg.org/security.html" + }, + { + "name": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=c77be3a35a0160d6af88056b0899f120f2eef38e", + "refsource": "CONFIRM", + "url": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=c77be3a35a0160d6af88056b0899f120f2eef38e" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3946.json b/2011/3xxx/CVE-2011-3946.json index 1c1b975c496..f164f5e3997 100644 --- a/2011/3xxx/CVE-2011-3946.json +++ b/2011/3xxx/CVE-2011-3946.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3946", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ff_h264_decode_sei function in libavcodec/h264_sei.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted Supplemental enhancement information (SEI) data, which triggers an infinite loop." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2011-3946", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=9decfc17bb76da34734296048d390b176abf404c", - "refsource" : "CONFIRM", - "url" : "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=9decfc17bb76da34734296048d390b176abf404c" - }, - { - "name" : "http://www.ffmpeg.org/security.html", - "refsource" : "CONFIRM", - "url" : "http://www.ffmpeg.org/security.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ff_h264_decode_sei function in libavcodec/h264_sei.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted Supplemental enhancement information (SEI) data, which triggers an infinite loop." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ffmpeg.org/security.html", + "refsource": "CONFIRM", + "url": "http://www.ffmpeg.org/security.html" + }, + { + "name": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=9decfc17bb76da34734296048d390b176abf404c", + "refsource": "CONFIRM", + "url": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=9decfc17bb76da34734296048d390b176abf404c" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3951.json b/2011/3xxx/CVE-2011-3951.json index a3fd44712be..55e740301f3 100644 --- a/2011/3xxx/CVE-2011-3951.json +++ b/2011/3xxx/CVE-2011-3951.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3951", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The dpcm_decode_frame function in dpcm.c in libavcodec in FFmpeg before 0.10 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted stereo stream in a media file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2011-3951", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://ffmpeg.org/", - "refsource" : "CONFIRM", - "url" : "http://ffmpeg.org/" - }, - { - "name" : "http://git.libav.org/?p=libav.git;a=commit;h=ce7aee9b733134649a6ce2fa743e51733f33e67e", - "refsource" : "CONFIRM", - "url" : "http://git.libav.org/?p=libav.git;a=commit;h=ce7aee9b733134649a6ce2fa743e51733f33e67e" - }, - { - "name" : "http://libav.org/", - "refsource" : "CONFIRM", - "url" : "http://libav.org/" - }, - { - "name" : "DSA-2494", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2494" - }, - { - "name" : "USN-1479-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1479-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The dpcm_decode_frame function in dpcm.c in libavcodec in FFmpeg before 0.10 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted stereo stream in a media file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-1479-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1479-1" + }, + { + "name": "DSA-2494", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2494" + }, + { + "name": "http://ffmpeg.org/", + "refsource": "CONFIRM", + "url": "http://ffmpeg.org/" + }, + { + "name": "http://libav.org/", + "refsource": "CONFIRM", + "url": "http://libav.org/" + }, + { + "name": "http://git.libav.org/?p=libav.git;a=commit;h=ce7aee9b733134649a6ce2fa743e51733f33e67e", + "refsource": "CONFIRM", + "url": "http://git.libav.org/?p=libav.git;a=commit;h=ce7aee9b733134649a6ce2fa743e51733f33e67e" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3960.json b/2011/3xxx/CVE-2011-3960.json index bd666dd754d..5c3513d5595 100644 --- a/2011/3xxx/CVE-2011-3960.json +++ b/2011/3xxx/CVE-2011-3960.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3960", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome before 17.0.963.46 does not properly decode audio data, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2011-3960", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=108416", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=108416" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2012/02/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2012/02/stable-channel-update.html" - }, - { - "name" : "oval:org.mitre.oval:def:14921", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14921" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome before 17.0.963.46 does not properly decode audio data, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:14921", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14921" + }, + { + "name": "http://googlechromereleases.blogspot.com/2012/02/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2012/02/stable-channel-update.html" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=108416", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=108416" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4646.json b/2011/4xxx/CVE-2011-4646.json index 04ea18199a4..5988e004af0 100644 --- a/2011/4xxx/CVE-2011-4646.json +++ b/2011/4xxx/CVE-2011-4646.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4646", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in wp-postratings.php in the WP-PostRatings plugin 1.50, 1.61, and probably other versions before 1.62 for WordPress allows remote authenticated users with the Author role to execute arbitrary SQL commands via the id attribute of the ratings shortcode when creating a post. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4646", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://plugins.trac.wordpress.org/changeset/430970/wp-postratings/trunk/wp-postratings.php?old=355076&old_path=wp-postratings%2Ftrunk%2Fwp-postratings.php", - "refsource" : "CONFIRM", - "url" : "http://plugins.trac.wordpress.org/changeset/430970/wp-postratings/trunk/wp-postratings.php?old=355076&old_path=wp-postratings%2Ftrunk%2Fwp-postratings.php" - }, - { - "name" : "http://wordpress.org/extend/plugins/wp-postratings/changelog/", - "refsource" : "CONFIRM", - "url" : "http://wordpress.org/extend/plugins/wp-postratings/changelog/" - }, - { - "name" : "49986", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/49986" - }, - { - "name" : "46328", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46328" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in wp-postratings.php in the WP-PostRatings plugin 1.50, 1.61, and probably other versions before 1.62 for WordPress allows remote authenticated users with the Author role to execute arbitrary SQL commands via the id attribute of the ratings shortcode when creating a post. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://plugins.trac.wordpress.org/changeset/430970/wp-postratings/trunk/wp-postratings.php?old=355076&old_path=wp-postratings%2Ftrunk%2Fwp-postratings.php", + "refsource": "CONFIRM", + "url": "http://plugins.trac.wordpress.org/changeset/430970/wp-postratings/trunk/wp-postratings.php?old=355076&old_path=wp-postratings%2Ftrunk%2Fwp-postratings.php" + }, + { + "name": "http://wordpress.org/extend/plugins/wp-postratings/changelog/", + "refsource": "CONFIRM", + "url": "http://wordpress.org/extend/plugins/wp-postratings/changelog/" + }, + { + "name": "46328", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46328" + }, + { + "name": "49986", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/49986" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4691.json b/2011/4xxx/CVE-2011-4691.json index 78c06227aae..da49b9d883e 100644 --- a/2011/4xxx/CVE-2011-4691.json +++ b/2011/4xxx/CVE-2011-4691.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4691", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome 15.0.874.121 and earlier does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to determine whether a document exists in the browser cache via crafted JavaScript code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4691", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://lcamtuf.coredump.cx/cachetime/", - "refsource" : "MISC", - "url" : "http://lcamtuf.coredump.cx/cachetime/" - }, - { - "name" : "oval:org.mitre.oval:def:14188", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14188" - }, - { - "name" : "47127", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47127" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome 15.0.874.121 and earlier does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to determine whether a document exists in the browser cache via crafted JavaScript code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://lcamtuf.coredump.cx/cachetime/", + "refsource": "MISC", + "url": "http://lcamtuf.coredump.cx/cachetime/" + }, + { + "name": "oval:org.mitre.oval:def:14188", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14188" + }, + { + "name": "47127", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47127" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4698.json b/2011/4xxx/CVE-2011-4698.json index c7eef441c0d..2706555c6e2 100644 --- a/2011/4xxx/CVE-2011-4698.json +++ b/2011/4xxx/CVE-2011-4698.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4698", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The AndroidAppTools Easy Filter (com.phoneblocker.android) application 1.1 and 1.2 for Android does not properly protect data, which allows remote attackers to read or modify SMS messages and call records via a crafted application." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4698", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2011-4698-vulnerability-in-EasyFilter.html", - "refsource" : "MISC", - "url" : "http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2011-4698-vulnerability-in-EasyFilter.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The AndroidAppTools Easy Filter (com.phoneblocker.android) application 1.1 and 1.2 for Android does not properly protect data, which allows remote attackers to read or modify SMS messages and call records via a crafted application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2011-4698-vulnerability-in-EasyFilter.html", + "refsource": "MISC", + "url": "http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2011-4698-vulnerability-in-EasyFilter.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4870.json b/2011/4xxx/CVE-2011-4870.json index ed654416a0d..801719201c4 100644 --- a/2011/4xxx/CVE-2011-4870.json +++ b/2011/4xxx/CVE-2011-4870.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4870", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in the (1) GUIControls, (2) BatchObjSrv, and (3) BatchSecCtrl ActiveX controls in Invensys Wonderware InBatch 9.0 and 9.0 SP1, and InBatch 8.1 SP1, 9.0 SP2, and 9.5 Server and Runtime Clients, allow remote attackers to execute arbitrary code via a long string in a property value, a different issue than CVE-2011-3141." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2011-4870", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-11-332-01A.pdf", - "refsource" : "MISC", - "url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-11-332-01A.pdf" - }, - { - "name" : "51129", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51129" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in the (1) GUIControls, (2) BatchObjSrv, and (3) BatchSecCtrl ActiveX controls in Invensys Wonderware InBatch 9.0 and 9.0 SP1, and InBatch 8.1 SP1, 9.0 SP2, and 9.5 Server and Runtime Clients, allow remote attackers to execute arbitrary code via a long string in a property value, a different issue than CVE-2011-3141." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-332-01A.pdf", + "refsource": "MISC", + "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-332-01A.pdf" + }, + { + "name": "51129", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51129" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4880.json b/2011/4xxx/CVE-2011-4880.json index 35bdfaa85a5..89f086b02c8 100644 --- a/2011/4xxx/CVE-2011-4880.json +++ b/2011/4xxx/CVE-2011-4880.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4880", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the web server in Certec atvise webMI2ADS (aka webMI) before 2.0.2 allows remote attackers to read arbitrary files via a crafted HTTP request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2011-4880", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-102-01.pdf", - "refsource" : "MISC", - "url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-102-01.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the web server in Certec atvise webMI2ADS (aka webMI) before 2.0.2 allows remote attackers to read arbitrary files via a crafted HTTP request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-102-01.pdf", + "refsource": "MISC", + "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-102-01.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1646.json b/2013/1xxx/CVE-2013-1646.json index f7803c73b19..a618a62cb14 100644 --- a/2013/1xxx/CVE-2013-1646.json +++ b/2013/1xxx/CVE-2013-1646.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1646", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 allow remote attackers to inject arbitrary web script or HTML via (1) invalid JSON data in a mail-sending POST request, (2) an arbitrary parameter to servlet/TestServlet, (3) a javascript: URL in a standalone-mode action to a UWA module, (4) an infostore attachment, (5) JavaScript code in a contact image, (6) an RSS feed, or (7) a signature." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-1646", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130313 Open-Xchange Security Advisory 2013-03-13", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2013-03/0075.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 allow remote attackers to inject arbitrary web script or HTML via (1) invalid JSON data in a mail-sending POST request, (2) an arbitrary parameter to servlet/TestServlet, (3) a javascript: URL in a standalone-mode action to a UWA module, (4) an infostore attachment, (5) JavaScript code in a contact image, (6) an RSS feed, or (7) a signature." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20130313 Open-Xchange Security Advisory 2013-03-13", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2013-03/0075.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1656.json b/2013/1xxx/CVE-2013-1656.json index 28190ffedb7..9815c7815a7 100644 --- a/2013/1xxx/CVE-2013-1656.json +++ b/2013/1xxx/CVE-2013-1656.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1656", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Spree Commerce 1.0.x through 1.3.2 allows remote authenticated administrators to instantiate arbitrary Ruby objects and execute arbitrary commands via the (1) payment_method parameter to core/app/controllers/spree/admin/payment_methods_controller.rb; and the (2) promotion_action parameter to promotion_actions_controller.rb, (3) promotion_rule parameter to promotion_rules_controller.rb, and (4) calculator_type parameter to promotions_controller.rb in promo/app/controllers/spree/admin/, related to unsafe use of the constantize function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-1656", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blog.conviso.com.br/2013/03/spree-commerce-multiple-unsafe.html", - "refsource" : "MISC", - "url" : "http://blog.conviso.com.br/2013/03/spree-commerce-multiple-unsafe.html" - }, - { - "name" : "https://www.conviso.com.br/advisories/CVE-2013-1656.txt", - "refsource" : "MISC", - "url" : "https://www.conviso.com.br/advisories/CVE-2013-1656.txt" - }, - { - "name" : "http://spreecommerce.com/blog/multiple-security-vulnerabilities-fixed", - "refsource" : "CONFIRM", - "url" : "http://spreecommerce.com/blog/multiple-security-vulnerabilities-fixed" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Spree Commerce 1.0.x through 1.3.2 allows remote authenticated administrators to instantiate arbitrary Ruby objects and execute arbitrary commands via the (1) payment_method parameter to core/app/controllers/spree/admin/payment_methods_controller.rb; and the (2) promotion_action parameter to promotion_actions_controller.rb, (3) promotion_rule parameter to promotion_rules_controller.rb, and (4) calculator_type parameter to promotions_controller.rb in promo/app/controllers/spree/admin/, related to unsafe use of the constantize function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://blog.conviso.com.br/2013/03/spree-commerce-multiple-unsafe.html", + "refsource": "MISC", + "url": "http://blog.conviso.com.br/2013/03/spree-commerce-multiple-unsafe.html" + }, + { + "name": "http://spreecommerce.com/blog/multiple-security-vulnerabilities-fixed", + "refsource": "CONFIRM", + "url": "http://spreecommerce.com/blog/multiple-security-vulnerabilities-fixed" + }, + { + "name": "https://www.conviso.com.br/advisories/CVE-2013-1656.txt", + "refsource": "MISC", + "url": "https://www.conviso.com.br/advisories/CVE-2013-1656.txt" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5102.json b/2013/5xxx/CVE-2013-5102.json index 8813c8f5593..1ede5b88499 100644 --- a/2013/5xxx/CVE-2013-5102.json +++ b/2013/5xxx/CVE-2013-5102.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5102", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5102", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5760.json b/2013/5xxx/CVE-2013-5760.json index 324c8c46a3f..1c1092b1743 100644 --- a/2013/5xxx/CVE-2013-5760.json +++ b/2013/5xxx/CVE-2013-5760.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5760", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "QNAP Photo Station before firmware 4.0.3 build0912 allows remote attackers to list OS user accounts via a request to photo/p/api/list.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5760", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www3.trustwave.com/spiderlabs/advisories/TWSL2013-029.txt", - "refsource" : "MISC", - "url" : "https://www3.trustwave.com/spiderlabs/advisories/TWSL2013-029.txt" - }, - { - "name" : "photostation-cve20135760-info-disclosure(89117)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/89117" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "QNAP Photo Station before firmware 4.0.3 build0912 allows remote attackers to list OS user accounts via a request to photo/p/api/list.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "photostation-cve20135760-info-disclosure(89117)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89117" + }, + { + "name": "https://www3.trustwave.com/spiderlabs/advisories/TWSL2013-029.txt", + "refsource": "MISC", + "url": "https://www3.trustwave.com/spiderlabs/advisories/TWSL2013-029.txt" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2385.json b/2014/2xxx/CVE-2014-2385.json index 4bdbd91b66d..bdf6249f38e 100644 --- a/2014/2xxx/CVE-2014-2385.json +++ b/2014/2xxx/CVE-2014-2385.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2385", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the web UI in Sophos Anti-Virus for Linux before 9.6.1 allow local users to inject arbitrary web script or HTML via the (1) newListList:ExcludeFileOnExpression, (2) newListList:ExcludeFilesystems, or (3) newListList:ExcludeMountPaths parameter to exclusion/configure or (4) text:EmailServer or (5) newListList:Email parameter to notification/configure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2385", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140625 CVE-2014-2385 - Multiple Cross Site Scripting in Sophos Antivirus Configuration Console (Linux)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/532558/100/0/threaded" - }, - { - "name" : "20140625 CVE-2014-2385 - Multiple Cross Site Scripting in Sophos Antivirus Configuration Console (Linux)", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Jun/126" - }, - { - "name" : "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2385/", - "refsource" : "MISC", - "url" : "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2385/" - }, - { - "name" : "http://packetstormsecurity.com/files/127228/Sophos-Antivirus-9.5.1-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/127228/Sophos-Antivirus-9.5.1-Cross-Site-Scripting.html" - }, - { - "name" : "http://www.sophos.com/en-us/support/knowledgebase/121135.aspx", - "refsource" : "CONFIRM", - "url" : "http://www.sophos.com/en-us/support/knowledgebase/121135.aspx" - }, - { - "name" : "1030467", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030467" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the web UI in Sophos Anti-Virus for Linux before 9.6.1 allow local users to inject arbitrary web script or HTML via the (1) newListList:ExcludeFileOnExpression, (2) newListList:ExcludeFilesystems, or (3) newListList:ExcludeMountPaths parameter to exclusion/configure or (4) text:EmailServer or (5) newListList:Email parameter to notification/configure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20140625 CVE-2014-2385 - Multiple Cross Site Scripting in Sophos Antivirus Configuration Console (Linux)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/532558/100/0/threaded" + }, + { + "name": "http://packetstormsecurity.com/files/127228/Sophos-Antivirus-9.5.1-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/127228/Sophos-Antivirus-9.5.1-Cross-Site-Scripting.html" + }, + { + "name": "20140625 CVE-2014-2385 - Multiple Cross Site Scripting in Sophos Antivirus Configuration Console (Linux)", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Jun/126" + }, + { + "name": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2385/", + "refsource": "MISC", + "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2385/" + }, + { + "name": "http://www.sophos.com/en-us/support/knowledgebase/121135.aspx", + "refsource": "CONFIRM", + "url": "http://www.sophos.com/en-us/support/knowledgebase/121135.aspx" + }, + { + "name": "1030467", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030467" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2555.json b/2014/2xxx/CVE-2014-2555.json index dbf555ebee6..ccbd64e01bf 100644 --- a/2014/2xxx/CVE-2014-2555.json +++ b/2014/2xxx/CVE-2014-2555.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2555", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2555", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6088.json b/2014/6xxx/CVE-2014-6088.json index e3c80c58a8d..e46284c7b35 100644 --- a/2014/6xxx/CVE-2014-6088.json +++ b/2014/6xxx/CVE-2014-6088.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6088", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote attackers to obtain sensitive information by sniffing the network during use of the null SSL cipher." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-6088", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21684475", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21684475" - }, - { - "name" : "IV67358", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV67358" - }, - { - "name" : "IV67581", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV67581" - }, - { - "name" : "ibm-sam-cve20146088-nullcipher(95860)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95860" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote attackers to obtain sensitive information by sniffing the network during use of the null SSL cipher." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21684475", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684475" + }, + { + "name": "ibm-sam-cve20146088-nullcipher(95860)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95860" + }, + { + "name": "IV67358", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV67358" + }, + { + "name": "IV67581", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV67581" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6380.json b/2014/6xxx/CVE-2014-6380.json index 2002b84a7d5..448012a9755 100644 --- a/2014/6xxx/CVE-2014-6380.json +++ b/2014/6xxx/CVE-2014-6380.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6380", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Juniper Junos 11.4 before R11, 12.1 before R9, 12.1X44 before D30, 12.1X45 before D20, 12.1X46 before D15, 12.1X47 before D10, 12.2 before R8, 12.2X50 before D70, 12.3 before R6, 13.1 before R4, 13.1X49 before D55, 13.1X50 before D30, 13.2 before R4, 13.2X50 before D20, 13.2X51 before D15, 13.2X52 before D15, 13.3 before R1, when using an em interface to connect to a certain internal network, allows remote attackers to cause a denial of service (em driver bock and FPC reset or \"go offline\") via a series of crafted (1) CLNP fragmented packets, when clns-routing or ESIS is configured, or (2) IPv4 or (3) IPv6 fragmented packets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-6380", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10655", - "refsource" : "CONFIRM", - "url" : "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10655" - }, - { - "name" : "70369", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70369" - }, - { - "name" : "1031011", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031011" - }, - { - "name" : "juniper-junos-cve20146380-dos(96904)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96904" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Juniper Junos 11.4 before R11, 12.1 before R9, 12.1X44 before D30, 12.1X45 before D20, 12.1X46 before D15, 12.1X47 before D10, 12.2 before R8, 12.2X50 before D70, 12.3 before R6, 13.1 before R4, 13.1X49 before D55, 13.1X50 before D30, 13.2 before R4, 13.2X50 before D20, 13.2X51 before D15, 13.2X52 before D15, 13.3 before R1, when using an em interface to connect to a certain internal network, allows remote attackers to cause a denial of service (em driver bock and FPC reset or \"go offline\") via a series of crafted (1) CLNP fragmented packets, when clns-routing or ESIS is configured, or (2) IPv4 or (3) IPv6 fragmented packets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10655", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10655" + }, + { + "name": "70369", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70369" + }, + { + "name": "1031011", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031011" + }, + { + "name": "juniper-junos-cve20146380-dos(96904)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96904" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6583.json b/2014/6xxx/CVE-2014-6583.json index f623afe782f..0da8697528c 100644 --- a/2014/6xxx/CVE-2014-6583.json +++ b/2014/6xxx/CVE-2014-6583.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6583", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Marketing component in Oracle E-Business Suite 11.5.10.2, 12.0.4, 12.0.5, 12.0.6, 12.1.1, 12.1.2, and 12.1.3. allows remote attackers to affect confidentiality and integrity via unknown vectors related to Audience." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-6583", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" - }, - { - "name" : "1031579", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031579" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Marketing component in Oracle E-Business Suite 11.5.10.2, 12.0.4, 12.0.5, 12.0.6, 12.1.1, 12.1.2, and 12.1.3. allows remote attackers to affect confidentiality and integrity via unknown vectors related to Audience." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" + }, + { + "name": "1031579", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031579" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6982.json b/2014/6xxx/CVE-2014-6982.json index ea960884319..c3106d10ed1 100644 --- a/2014/6xxx/CVE-2014-6982.json +++ b/2014/6xxx/CVE-2014-6982.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6982", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Arabic Troll Football (aka com.hamoosh.ArabicTrollFootball) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6982", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#422689", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/422689" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Arabic Troll Football (aka com.hamoosh.ArabicTrollFootball) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#422689", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/422689" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000198.json b/2017/1000xxx/CVE-2017-1000198.json index 573fb842c36..f46036343e2 100644 --- a/2017/1000xxx/CVE-2017-1000198.json +++ b/2017/1000xxx/CVE-2017-1000198.json @@ -1,69 +1,69 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-08-22T17:29:33.424422", - "ID" : "CVE-2017-1000198", - "REQUESTER" : "mgerstner@suse.de", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "tcmu-runner", - "version" : { - "version_data" : [ - { - "version_value" : "0.9.0 to 1.2.0" - } - ] - } - } - ] - }, - "vendor_name" : "https://github.com/open-iscsi/tcmu-runner" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "tcmu-runner daemon version 0.9.0 to 1.2.0 is vulnerable to invalid memory references in the handler_glfs.so handler resulting in denial of service" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "denial of service" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-08-22T17:29:33.424422", + "ID": "CVE-2017-1000198", + "REQUESTER": "mgerstner@suse.de", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/open-iscsi/tcmu-runner/commit/61bd03e600d2abf309173e9186f4d465bb1b7157", - "refsource" : "MISC", - "url" : "https://github.com/open-iscsi/tcmu-runner/commit/61bd03e600d2abf309173e9186f4d465bb1b7157" - }, - { - "name" : "RHSA-2017:3277", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3277" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "tcmu-runner daemon version 0.9.0 to 1.2.0 is vulnerable to invalid memory references in the handler_glfs.so handler resulting in denial of service" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2017:3277", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3277" + }, + { + "name": "https://github.com/open-iscsi/tcmu-runner/commit/61bd03e600d2abf309173e9186f4d465bb1b7157", + "refsource": "MISC", + "url": "https://github.com/open-iscsi/tcmu-runner/commit/61bd03e600d2abf309173e9186f4d465bb1b7157" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000236.json b/2017/1000xxx/CVE-2017-1000236.json index 0b900a1f7e8..f286e492cb5 100644 --- a/2017/1000xxx/CVE-2017-1000236.json +++ b/2017/1000xxx/CVE-2017-1000236.json @@ -1,64 +1,64 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-08-22T17:29:33.465743", - "ID" : "CVE-2017-1000236", - "REQUESTER" : "j.singh@sec-consult.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "I, Librarian", - "version" : { - "version_data" : [ - { - "version_value" : "<=4.6 & 4.7" - } - ] - } - } - ] - }, - "vendor_name" : "I, Librarian" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "I, Librarian version <=4.6 & 4.7 is vulnerable to Reflected Cross-Site Scripting in the temp.php resulting in an attacker being able to inject malicious client side scripting which will be executed in the browser of users if they visit the manipulated site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross Site Scripting (XSS)" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-08-22T17:29:33.465743", + "ID": "CVE-2017-1000236", + "REQUESTER": "j.singh@sec-consult.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170509-0_I_Librarian_Multiple_vulnerabilities_v10.txt", - "refsource" : "MISC", - "url" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170509-0_I_Librarian_Multiple_vulnerabilities_v10.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "I, Librarian version <=4.6 & 4.7 is vulnerable to Reflected Cross-Site Scripting in the temp.php resulting in an attacker being able to inject malicious client side scripting which will be executed in the browser of users if they visit the manipulated site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170509-0_I_Librarian_Multiple_vulnerabilities_v10.txt", + "refsource": "MISC", + "url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170509-0_I_Librarian_Multiple_vulnerabilities_v10.txt" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18104.json b/2017/18xxx/CVE-2017-18104.json index 5e71dc182c6..5a1ffb94fdd 100644 --- a/2017/18xxx/CVE-2017-18104.json +++ b/2017/18xxx/CVE-2017-18104.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@atlassian.com", - "DATE_PUBLIC" : "2018-07-24T00:00:00", - "ID" : "CVE-2017-18104", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Jira", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "7.6.7" - }, - { - "version_affected" : ">=", - "version_value" : "7.7.0" - }, - { - "version_affected" : "<", - "version_value" : "7.11.0" - } - ] - } - } - ] - }, - "vendor_name" : "Atlassian" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Webhooks component of Atlassian Jira before version 7.6.7 and from version 7.7.0 before version 7.11.0 allows remote attackers who are able to observe or otherwise intercept webhook events to learn information about changes in issues that should not be sent because they are not contained within the results of a specified JQL query." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Exposure" - } + "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2018-07-24T00:00:00", + "ID": "CVE-2017-18104", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Jira", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "7.6.7" + }, + { + "version_affected": ">=", + "version_value": "7.7.0" + }, + { + "version_affected": "<", + "version_value": "7.11.0" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jira.atlassian.com/browse/JRASERVER-59980", - "refsource" : "CONFIRM", - "url" : "https://jira.atlassian.com/browse/JRASERVER-59980" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Webhooks component of Atlassian Jira before version 7.6.7 and from version 7.7.0 before version 7.11.0 allows remote attackers who are able to observe or otherwise intercept webhook events to learn information about changes in issues that should not be sent because they are not contained within the results of a specified JQL query." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Exposure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jira.atlassian.com/browse/JRASERVER-59980", + "refsource": "CONFIRM", + "url": "https://jira.atlassian.com/browse/JRASERVER-59980" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1545.json b/2017/1xxx/CVE-2017-1545.json index 2ed2acfa199..a02719ce024 100644 --- a/2017/1xxx/CVE-2017-1545.json +++ b/2017/1xxx/CVE-2017-1545.json @@ -1,196 +1,196 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-01-23T00:00:00", - "ID" : "CVE-2017-1545", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Rational DOORS", - "version" : { - "version_data" : [ - { - "version_value" : "9.5" - }, - { - "version_value" : "9.5.0.1" - }, - { - "version_value" : "9.5.1" - }, - { - "version_value" : "9.5.1.1" - }, - { - "version_value" : "9.5.1.2" - }, - { - "version_value" : "9.5.2" - }, - { - "version_value" : "9.5.2.1" - }, - { - "version_value" : "9.6" - }, - { - "version_value" : "9.5.0.2" - }, - { - "version_value" : "9.5.0.3" - }, - { - "version_value" : "9.5.1.3" - }, - { - "version_value" : "9.5.1.4" - }, - { - "version_value" : "9.5.2.2" - }, - { - "version_value" : "9.5.2.3" - }, - { - "version_value" : "9.6.0.1" - }, - { - "version_value" : "9.6.0.2" - }, - { - "version_value" : "9.6.1" - }, - { - "version_value" : "9.6.1.1" - }, - { - "version_value" : "9.5.0.4" - }, - { - "version_value" : "9.5.1.5" - }, - { - "version_value" : "9.5.2.4" - }, - { - "version_value" : "9.6.0.3" - }, - { - "version_value" : "9.6.1.2" - }, - { - "version_value" : "9.6.1.3" - }, - { - "version_value" : "9.6.1.4" - }, - { - "version_value" : "9.5.0.5" - }, - { - "version_value" : "9.5.1.6" - }, - { - "version_value" : "9.5.2.5" - }, - { - "version_value" : "9.6.0.4" - }, - { - "version_value" : "9.5.0.6" - }, - { - "version_value" : "9.5.1.7" - }, - { - "version_value" : "9.5.2.6" - }, - { - "version_value" : "9.6.0.5" - }, - { - "version_value" : "9.6.1.5" - }, - { - "version_value" : "9.6.1.6" - }, - { - "version_value" : "9.6.1.7" - }, - { - "version_value" : "9.5.0.7" - }, - { - "version_value" : "9.5.1.8" - }, - { - "version_value" : "9.5.2.7" - }, - { - "version_value" : "9.6.0.6" - }, - { - "version_value" : "9.6.1.8" - }, - { - "version_value" : "9.6.1.9" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Doors Web Access 9.5 and 9.6 could allow an attacker with physical access to the system to log into the application using previously stored credentials. IBM X-Force ID: 130914." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Access" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-01-23T00:00:00", + "ID": "CVE-2017-1545", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Rational DOORS", + "version": { + "version_data": [ + { + "version_value": "9.5" + }, + { + "version_value": "9.5.0.1" + }, + { + "version_value": "9.5.1" + }, + { + "version_value": "9.5.1.1" + }, + { + "version_value": "9.5.1.2" + }, + { + "version_value": "9.5.2" + }, + { + "version_value": "9.5.2.1" + }, + { + "version_value": "9.6" + }, + { + "version_value": "9.5.0.2" + }, + { + "version_value": "9.5.0.3" + }, + { + "version_value": "9.5.1.3" + }, + { + "version_value": "9.5.1.4" + }, + { + "version_value": "9.5.2.2" + }, + { + "version_value": "9.5.2.3" + }, + { + "version_value": "9.6.0.1" + }, + { + "version_value": "9.6.0.2" + }, + { + "version_value": "9.6.1" + }, + { + "version_value": "9.6.1.1" + }, + { + "version_value": "9.5.0.4" + }, + { + "version_value": "9.5.1.5" + }, + { + "version_value": "9.5.2.4" + }, + { + "version_value": "9.6.0.3" + }, + { + "version_value": "9.6.1.2" + }, + { + "version_value": "9.6.1.3" + }, + { + "version_value": "9.6.1.4" + }, + { + "version_value": "9.5.0.5" + }, + { + "version_value": "9.5.1.6" + }, + { + "version_value": "9.5.2.5" + }, + { + "version_value": "9.6.0.4" + }, + { + "version_value": "9.5.0.6" + }, + { + "version_value": "9.5.1.7" + }, + { + "version_value": "9.5.2.6" + }, + { + "version_value": "9.6.0.5" + }, + { + "version_value": "9.6.1.5" + }, + { + "version_value": "9.6.1.6" + }, + { + "version_value": "9.6.1.7" + }, + { + "version_value": "9.5.0.7" + }, + { + "version_value": "9.5.1.8" + }, + { + "version_value": "9.5.2.7" + }, + { + "version_value": "9.6.0.6" + }, + { + "version_value": "9.6.1.8" + }, + { + "version_value": "9.6.1.9" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/130914", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/130914" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22012789", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22012789" - }, - { - "name" : "102896", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102896" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Doors Web Access 9.5 and 9.6 could allow an attacker with physical access to the system to log into the application using previously stored credentials. IBM X-Force ID: 130914." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Gain Access" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/130914", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/130914" + }, + { + "name": "102896", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102896" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22012789", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22012789" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1957.json b/2017/1xxx/CVE-2017-1957.json index 502d885ad2e..e894851f349 100644 --- a/2017/1xxx/CVE-2017-1957.json +++ b/2017/1xxx/CVE-2017-1957.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1957", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-1957", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4592.json b/2017/4xxx/CVE-2017-4592.json index 00ac3639d65..041c9c209cd 100644 --- a/2017/4xxx/CVE-2017-4592.json +++ b/2017/4xxx/CVE-2017-4592.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4592", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4592", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4629.json b/2017/4xxx/CVE-2017-4629.json index d2e8b8568a7..36b3e52ae69 100644 --- a/2017/4xxx/CVE-2017-4629.json +++ b/2017/4xxx/CVE-2017-4629.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4629", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4629", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4719.json b/2017/4xxx/CVE-2017-4719.json index fe5edc9614c..7bf9a77b8c8 100644 --- a/2017/4xxx/CVE-2017-4719.json +++ b/2017/4xxx/CVE-2017-4719.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4719", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4719", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4729.json b/2017/4xxx/CVE-2017-4729.json index d4cac71ff95..226e2a54e87 100644 --- a/2017/4xxx/CVE-2017-4729.json +++ b/2017/4xxx/CVE-2017-4729.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4729", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4729", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4870.json b/2017/4xxx/CVE-2017-4870.json index a47a525786a..851758e5b5c 100644 --- a/2017/4xxx/CVE-2017-4870.json +++ b/2017/4xxx/CVE-2017-4870.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4870", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4870", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file