From 817b6266a015f8589bdee996bd50ceda05c6fbd0 Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Mon, 18 Mar 2019 02:34:52 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2006/0xxx/CVE-2006-0921.json | 160 +++++++++---------
2006/3xxx/CVE-2006-3066.json | 170 +++++++++----------
2006/3xxx/CVE-2006-3580.json | 170 +++++++++----------
2006/4xxx/CVE-2006-4010.json | 190 ++++++++++-----------
2006/4xxx/CVE-2006-4128.json | 210 ++++++++++++------------
2006/4xxx/CVE-2006-4214.json | 220 ++++++++++++-------------
2006/4xxx/CVE-2006-4377.json | 140 ++++++++--------
2006/4xxx/CVE-2006-4748.json | 220 ++++++++++++-------------
2006/6xxx/CVE-2006-6078.json | 180 ++++++++++----------
2006/6xxx/CVE-2006-6639.json | 130 +++++++--------
2006/6xxx/CVE-2006-6835.json | 140 ++++++++--------
2006/7xxx/CVE-2006-7207.json | 120 +++++++-------
2010/2xxx/CVE-2010-2043.json | 170 +++++++++----------
2010/2xxx/CVE-2010-2563.json | 140 ++++++++--------
2011/0xxx/CVE-2011-0194.json | 130 +++++++--------
2011/0xxx/CVE-2011-0433.json | 180 ++++++++++----------
2011/0xxx/CVE-2011-0499.json | 140 ++++++++--------
2011/0xxx/CVE-2011-0613.json | 120 +++++++-------
2011/1xxx/CVE-2011-1485.json | 210 ++++++++++++------------
2011/1xxx/CVE-2011-1839.json | 140 ++++++++--------
2011/1xxx/CVE-2011-1994.json | 34 ++--
2011/4xxx/CVE-2011-4431.json | 130 +++++++--------
2011/4xxx/CVE-2011-4580.json | 120 +++++++-------
2011/5xxx/CVE-2011-5104.json | 170 +++++++++----------
2014/2xxx/CVE-2014-2656.json | 34 ++--
2014/3xxx/CVE-2014-3087.json | 180 ++++++++++----------
2014/3xxx/CVE-2014-3206.json | 120 +++++++-------
2014/3xxx/CVE-2014-3387.json | 120 +++++++-------
2014/3xxx/CVE-2014-3472.json | 180 ++++++++++----------
2014/3xxx/CVE-2014-3636.json | 200 +++++++++++-----------
2014/6xxx/CVE-2014-6242.json | 180 ++++++++++----------
2014/6xxx/CVE-2014-6602.json | 130 +++++++--------
2014/6xxx/CVE-2014-6674.json | 140 ++++++++--------
2014/6xxx/CVE-2014-6945.json | 140 ++++++++--------
2014/7xxx/CVE-2014-7093.json | 140 ++++++++--------
2014/7xxx/CVE-2014-7341.json | 140 ++++++++----------
2014/7xxx/CVE-2014-7686.json | 140 ++++++++--------
2014/7xxx/CVE-2014-7966.json | 34 ++--
2016/2xxx/CVE-2016-2375.json | 170 +++++++++----------
2016/2xxx/CVE-2016-2548.json | 310 +++++++++++++++++------------------
2017/1xxx/CVE-2017-1464.json | 34 ++--
2017/1xxx/CVE-2017-1920.json | 34 ++--
2017/5xxx/CVE-2017-5661.json | 140 ++++++++--------
2017/5xxx/CVE-2017-5695.json | 122 +++++++-------
2017/5xxx/CVE-2017-5845.json | 190 ++++++++++-----------
2017/5xxx/CVE-2017-5947.json | 120 +++++++-------
2017/5xxx/CVE-2017-5950.json | 130 +++++++--------
47 files changed, 3431 insertions(+), 3431 deletions(-)
diff --git a/2006/0xxx/CVE-2006-0921.json b/2006/0xxx/CVE-2006-0921.json
index 357f5e89995..3b2b32d5c72 100644
--- a/2006/0xxx/CVE-2006-0921.json
+++ b/2006/0xxx/CVE-2006-0921.json
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0921", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in connector.php in FCKeditor 2.0 FC, as used in products such as RunCMS, allow remote attackers to list and create arbitrary directories via a .. (dot dot) in the CurrentFolder parameter to (1) GetFoldersAndFiles and (2) CreateFolder." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0921", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060223 NSA Group Security Advisory NSAG-¹195-23.02.2006 Vulnerability FCKeditor 2.0 FC", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/425937/100/0/threaded" - }, - { - "name" : "20060519 Re: NSA Group Security Advisory NSAG-¹195-23.02.2006 Vulnerability FCKeditor 2.0 FC", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/434559/30/4890/threaded" - }, - { - "name" : "http://www.nsag.ru/vuln/952.html", - "refsource" : "MISC", - "url" : "http://www.nsag.ru/vuln/952.html" - }, - { - "name" : "484", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/484" - 
}, - { - "name" : "fckeditor-connector-obtain-information(24878)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24878" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in connector.php in FCKeditor 2.0 FC, as used in products such as RunCMS, allow remote attackers to list and create arbitrary directories via a .. (dot dot) in the CurrentFolder parameter to (1) GetFoldersAndFiles and (2) CreateFolder." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "484", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/484" + }, + { + "name": "http://www.nsag.ru/vuln/952.html", + "refsource": "MISC", + "url": "http://www.nsag.ru/vuln/952.html" + }, + { + "name": "fckeditor-connector-obtain-information(24878)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24878" + }, + { + "name": "20060519 Re: NSA Group Security Advisory NSAG-¹195-23.02.2006 Vulnerability FCKeditor 2.0 FC", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/434559/30/4890/threaded" + }, + { + "name": "20060223 NSA Group Security Advisory NSAG-¹195-23.02.2006 Vulnerability FCKeditor 2.0 FC", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/425937/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3066.json b/2006/3xxx/CVE-2006-3066.json index 43c51ea482e..570fe58ed55 100644 --- a/2006/3xxx/CVE-2006-3066.json +++ b/2006/3xxx/CVE-2006-3066.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3066", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the TCP/IP listener in IBM DB2 Universal Database (UDB) before 8.1 FixPak 12 allows remote attackers to cause a denial of service (application crash) via a long MGRLVLLS message inside of an EXCSAT message when establishing a connection." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3066", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060906 Details for BID 18428", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/445297/100/0/threaded" - }, - { - "name" : "IY84096", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1IY84096" - }, - { - "name" : "18428", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18428" - }, - { - "name" : "ADV-2006-2332", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2332" - }, - { - "name" : "29861", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/29861" - }, - { - "name" : "20579", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/20579" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the TCP/IP listener in IBM DB2 Universal Database (UDB) before 8.1 FixPak 12 allows remote attackers to cause a denial of service (application crash) via a long MGRLVLLS message inside of an EXCSAT message when establishing a connection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29861", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/29861" + }, + { + "name": "IY84096", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IY84096" + }, + { + "name": "20060906 Details for BID 18428", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/445297/100/0/threaded" + }, + { + "name": "20579", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20579" + }, + { + "name": "18428", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18428" + }, + { + "name": "ADV-2006-2332", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2332" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3580.json b/2006/3xxx/CVE-2006-3580.json index a1283e60a71..1040140c3e5 100644 --- a/2006/3xxx/CVE-2006-3580.json +++ b/2006/3xxx/CVE-2006-3580.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3580", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in pages.asp in ASP Stats Generator before 2.1.2 allows remote attackers to execute arbitrary SQL commands via the order parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3580", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.hamid.ir/security/aspstats.txt", - "refsource" : "MISC", - "url" : "http://www.hamid.ir/security/aspstats.txt" - }, - { - "name" : "1931", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/1931" - }, - { - "name" : "18512", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18512" - }, - { - "name" : "1016336", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016336" - }, - { - "name" : "20721", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20721" - }, - { - "name" : "aspstatsgenerator-pages-sql-injection(27283)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27283" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in pages.asp in ASP Stats Generator before 2.1.2 allows remote attackers to execute arbitrary SQL commands via the order parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1931", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/1931" + }, + { + "name": "http://www.hamid.ir/security/aspstats.txt", + "refsource": "MISC", + "url": "http://www.hamid.ir/security/aspstats.txt" + }, + { + "name": "20721", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20721" + }, + { + "name": "aspstatsgenerator-pages-sql-injection(27283)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27283" + }, + { + "name": "18512", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18512" + }, + { + "name": "1016336", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016336" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4010.json b/2006/4xxx/CVE-2006-4010.json index e23e14ca09a..9c7b5eab41e 100644 --- a/2006/4xxx/CVE-2006-4010.json +++ b/2006/4xxx/CVE-2006-4010.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4010", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in war.php in Virtual War (Vwar) 1.5.0 and earlier allows remote attackers to execute arbitrary SQL commands via the page parameter. NOTE: other vectors are covered by CVE-2006-3139." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4010", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060803 Vwar v1.5.0 <= Sql Injection and XSS vuln.", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/442101/100/0/threaded" - }, - { - "name" : "20060814 Virtual War v1.5.0 SQL injection and XSS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/443171/100/0/threaded" - }, - { - "name" : "20080213 Re: Vwar New Bug", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/488118/100/200/threaded" - }, - { - "name" : "20080213 Vwar New Bug", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2008-02/0186.html" - }, - { - "name" : "19327", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/19327" - }, - { - "name" : "27772", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27772" - }, - { - "name" : "1331", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1331" - }, - { - "name" : "virtualwar-warphp-sql-injection(40481)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/40481" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in war.php in Virtual War (Vwar) 1.5.0 and earlier allows remote attackers to execute arbitrary SQL commands via the page parameter. NOTE: other vectors are covered by CVE-2006-3139." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060803 Vwar v1.5.0 <= Sql Injection and XSS vuln.", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/442101/100/0/threaded" + }, + { + "name": "20060814 Virtual War v1.5.0 SQL injection and XSS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/443171/100/0/threaded" + }, + { + "name": "20080213 Re: Vwar New Bug", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/488118/100/200/threaded" + }, + { + "name": "20080213 Vwar New Bug", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2008-02/0186.html" + }, + { + "name": "1331", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1331" + }, + { + "name": "19327", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19327" + }, + { + "name": "27772", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27772" + }, + { + "name": "virtualwar-warphp-sql-injection(40481)", + "refsource": "XF", + 
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40481" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4128.json b/2006/4xxx/CVE-2006-4128.json index 23af0507f8d..7a3a6d14e71 100644 --- a/2006/4xxx/CVE-2006-4128.json +++ b/2006/4xxx/CVE-2006-4128.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4128", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple heap-based buffer overflows in Symantec VERITAS Backup Exec for Netware Server Remote Agent for Windows Server 9.1 and 9.2 (all builds), Backup Exec Continuous Protection Server Remote Agent for Windows Server 10.1 (builds 10.1.325.6301, 10.1.326.1401, 10.1.326.2501, 10.1.326.3301, and 10.1.327.401), and Backup Exec for Windows Server and Remote Agent 9.1 (build 9.1.4691), 10.0 (builds 10.0.5484 and 10.0.5520), and 10.1 (build 10.1.5629) allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted RPC message." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4128", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060811 (Security Advisory) SYM06-014 Symantec Backup Exec Internal RPC Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/443037/100/0/threaded" - }, - { - "name" : "http://securityresponse.symantec.com/avcenter/security/Content/2006.08.11.html", - "refsource" : "CONFIRM", - "url" : "http://securityresponse.symantec.com/avcenter/security/Content/2006.08.11.html" - }, - { - "name" : "http://seer.entsupport.symantec.com/docs/284623.htm", - "refsource" : "CONFIRM", - "url" : "http://seer.entsupport.symantec.com/docs/284623.htm" - }, - { - "name" : "VU#647796", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/647796" - }, - { - "name" : "19479", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19479" - }, - { - "name" : "ADV-2006-3266", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3266" - }, - { - "name" : "1016683", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016683" - }, - { - "name" : "21472", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21472" - }, - { - "name" : "1380", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1380" - }, - { - "name" : "backupexec-rpc-interface-bo(28336)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28336" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple heap-based buffer overflows in Symantec VERITAS Backup Exec for Netware Server Remote Agent for Windows Server 9.1 and 9.2 (all builds), Backup Exec Continuous Protection Server Remote Agent for Windows Server 10.1 (builds 10.1.325.6301, 10.1.326.1401, 10.1.326.2501, 10.1.326.3301, and 10.1.327.401), and Backup Exec for Windows Server and Remote Agent 9.1 (build 9.1.4691), 10.0 (builds 10.0.5484 and 10.0.5520), and 10.1 (build 10.1.5629) allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted RPC message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1016683", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016683" + }, + { + "name": "http://seer.entsupport.symantec.com/docs/284623.htm", + "refsource": "CONFIRM", + "url": "http://seer.entsupport.symantec.com/docs/284623.htm" + }, + { + "name": "backupexec-rpc-interface-bo(28336)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28336" + }, + { + "name": "20060811 (Security Advisory) SYM06-014 Symantec Backup Exec Internal RPC Overflow", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/443037/100/0/threaded" + }, + { + "name": "VU#647796", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/647796" + }, + { + "name": "http://securityresponse.symantec.com/avcenter/security/Content/2006.08.11.html", + "refsource": "CONFIRM", + "url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.08.11.html" + }, + { + "name": "1380", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1380" + }, + { + "name": "ADV-2006-3266", + "refsource": "VUPEN", + "url": 
"http://www.vupen.com/english/advisories/2006/3266" + }, + { + "name": "19479", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19479" + }, + { + "name": "21472", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21472" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4214.json b/2006/4xxx/CVE-2006-4214.json index 02838fd8ef9..2ab8b86816b 100644 --- a/2006/4xxx/CVE-2006-4214.json +++ b/2006/4xxx/CVE-2006-4214.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4214", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Zen Cart 1.3.0.2 and earlier allow remote attackers to execute arbitrary SQL commands via (1) GPC data to the ipn_get_stored_session function in ipn_main_handler.php, which can be leveraged to modify elements of $_SESSION; and allow remote authenticated users to execute arbitrary SQL commands via (2) a session id within a cookie to whos_online_session_recreate, (3) the quantity field to the add_cart function, (4) an id[] parameter when adding an item to a shopping cart, or (5) a redemption code when checking out (dc_redeem_code parameter to includes/modules/order_total/ot_coupon.php)." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4214", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.gulftech.org/?node=research&article_id=00109-08152006", - "refsource" : "MISC", - "url" : "http://www.gulftech.org/?node=research&article_id=00109-08152006" - }, - { - "name" : "http://www.zen-cart.com/forum/showthread.php?t=43579", - "refsource" : "CONFIRM", - "url" : "http://www.zen-cart.com/forum/showthread.php?t=43579" - }, - { - "name" : "19542", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19542" - }, - { - "name" : "ADV-2006-3283", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3283" - }, - { - "name" : "28145", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28145" - }, - { - "name" : "28146", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28146" - }, - { - "name" : "28147", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28147" - }, - { - "name" : "28144", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28144" - }, - { - "name" : "28148", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28148" - }, - { - "name" : "21484", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21484" - }, - { - "name" : "zencart-multiple-scripts-sql-injection(28393)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28393" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"Multiple SQL injection vulnerabilities in Zen Cart 1.3.0.2 and earlier allow remote attackers to execute arbitrary SQL commands via (1) GPC data to the ipn_get_stored_session function in ipn_main_handler.php, which can be leveraged to modify elements of $_SESSION; and allow remote authenticated users to execute arbitrary SQL commands via (2) a session id within a cookie to whos_online_session_recreate, (3) the quantity field to the add_cart function, (4) an id[] parameter when adding an item to a shopping cart, or (5) a redemption code when checking out (dc_redeem_code parameter to includes/modules/order_total/ot_coupon.php)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28144", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28144" + }, + { + "name": "ADV-2006-3283", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3283" + }, + { + "name": "zencart-multiple-scripts-sql-injection(28393)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28393" + }, + { + "name": "28145", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28145" + }, + { + "name": "19542", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19542" + }, + { + "name": "28148", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28148" + }, + { + "name": "28147", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28147" + }, + { + "name": "http://www.gulftech.org/?node=research&article_id=00109-08152006", + "refsource": "MISC", + "url": "http://www.gulftech.org/?node=research&article_id=00109-08152006" + }, + { + "name": "21484", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21484" + }, + { + "name": "http://www.zen-cart.com/forum/showthread.php?t=43579", + "refsource": "CONFIRM", + "url": 
"http://www.zen-cart.com/forum/showthread.php?t=43579" + }, + { + "name": "28146", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28146" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4377.json b/2006/4xxx/CVE-2006-4377.json index af9738733c0..7f59c91da04 100644 --- a/2006/4xxx/CVE-2006-4377.json +++ b/2006/4xxx/CVE-2006-4377.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4377", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Guder und Koch Netzwerktechnik Eichhorn Portal allow remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly including the (1) profil_nr and (2) sprache parameters in the main portion of the portal, the (3) suchstring field in suchForm in the main portion of the portal, the (4) GaleryKey and (5) Breadcrumbs parameters in the gallerie module, and the (6) GGBNSaction parameter in the ggbns module." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4377", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060820 Tons of SQL-injections and XSS in Eichhorn Portal and vendor page", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/444065/100/0/threaded" - }, - { - "name" : "1458", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1458" - }, - { - "name" : "eichhorn-multiple-sql-injection(28535)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28535" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Guder und Koch Netzwerktechnik Eichhorn Portal allow remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly including the (1) profil_nr and (2) sprache parameters in the main portion of the portal, the (3) suchstring field in suchForm in the main portion of the portal, the (4) GaleryKey and (5) Breadcrumbs parameters in the gallerie module, and the (6) GGBNSaction parameter in the ggbns module." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "eichhorn-multiple-sql-injection(28535)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28535" + }, + { + "name": "1458", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1458" + }, + { + "name": "20060820 Tons of SQL-injections and XSS in Eichhorn Portal and vendor page", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/444065/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4748.json b/2006/4xxx/CVE-2006-4748.json index b08a82bb22c..f368f0a9e0f 100644 --- a/2006/4xxx/CVE-2006-4748.json +++ b/2006/4xxx/CVE-2006-4748.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4748", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in F-ART BLOG:CMS 4.1 allow remote attackers to execute arbitrary SQL commands via the (1) xagent, (2) xpath, (3) xreferer, and (4) xdns parameters in (a) admin/plugins/NP_Log.php, and the (5) pitem parameter in (b) admin/plugins/NP_Poll.php; and allow remote authenticated users to execute arbitrary SQL commands via the (6) pageRef parameter in (c) admin/plugins/NP_Referrer.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4748", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060907 Sql injection in BLOG:CMS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/445538/100/0/threaded" - }, - { - "name" : "http://www.hackers.ir/advisories/blogcms.html", - "refsource" : "MISC", - "url" : "http://www.hackers.ir/advisories/blogcms.html" - }, - { - "name" : "http://blogcms.com/wiki/changelog", - "refsource" : "CONFIRM", - "url" : "http://blogcms.com/wiki/changelog" - }, - { - "name" : "19909", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/19909" - }, - { - "name" : "ADV-2006-3521", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3521" - }, - { - "name" : "28604", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28604" - }, - { - "name" : "28605", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28605" - }, - { - "name" : "28606", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28606" - }, - { - "name" : "21808", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21808" - }, - { - "name" : "1566", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1566" - }, - { - "name" : "blogcms-nplog-sql-injection(28808)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28808" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in F-ART BLOG:CMS 4.1 allow remote attackers to execute arbitrary SQL commands via the (1) xagent, (2) xpath, (3) xreferer, and (4) xdns parameters in (a) admin/plugins/NP_Log.php, and the (5) pitem parameter in (b) admin/plugins/NP_Poll.php; and allow remote authenticated users to execute arbitrary SQL commands via the (6) pageRef parameter in (c) admin/plugins/NP_Referrer.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.hackers.ir/advisories/blogcms.html", + "refsource": "MISC", + "url": "http://www.hackers.ir/advisories/blogcms.html" + }, + { + "name": "20060907 Sql injection in BLOG:CMS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/445538/100/0/threaded" + }, + { + "name": "28605", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28605" + }, + { + "name": "http://blogcms.com/wiki/changelog", + "refsource": "CONFIRM", + "url": "http://blogcms.com/wiki/changelog" + }, + { + "name": "blogcms-nplog-sql-injection(28808)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28808" + }, + { + "name": "19909", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19909" + }, + { + "name": "21808", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21808" + }, + { + "name": "ADV-2006-3521", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3521" + }, + { + "name": "28604", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28604" + }, + { + "name": "28606", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28606" + }, + { + "name": "1566", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1566" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6078.json b/2006/6xxx/CVE-2006-6078.json index 0e4ef97691c..d39310aed32 100644 --- a/2006/6xxx/CVE-2006-6078.json +++ b/2006/6xxx/CVE-2006-6078.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6078", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in common.inc.php in a-ConMan 3.2 beta allows remote attackers to execute arbitrary PHP code via a URL in the cm_basedir parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6078", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061123 [ECHO_ADV_61_2006] a-ConMan <= v3.2beta Remote File Inclusion", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/452433/100/0/threaded" - }, - { - "name" : "http://advisories.echo.or.id/adv/adv61-matdhule-2006.txt", - "refsource" : "MISC", - "url" : "http://advisories.echo.or.id/adv/adv61-matdhule-2006.txt" - }, - { - "name" : "2831", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2831" - }, - { - "name" : "21255", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21255" - }, - { - "name" : "ADV-2006-4705", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4705" - }, - { - "name" : "1017278", - "refsource" : "SECTRACK", - "url" : 
"http://securitytracker.com/id?1017278" - }, - { - "name" : "1909", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1909" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in common.inc.php in a-ConMan 3.2 beta allows remote attackers to execute arbitrary PHP code via a URL in the cm_basedir parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20061123 [ECHO_ADV_61_2006] a-ConMan <= v3.2beta Remote File Inclusion", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/452433/100/0/threaded" + }, + { + "name": "ADV-2006-4705", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4705" + }, + { + "name": "1909", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1909" + }, + { + "name": "http://advisories.echo.or.id/adv/adv61-matdhule-2006.txt", + "refsource": "MISC", + "url": "http://advisories.echo.or.id/adv/adv61-matdhule-2006.txt" + }, + { + "name": "2831", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2831" + }, + { + "name": "21255", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21255" + }, + { + "name": "1017278", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017278" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6639.json b/2006/6xxx/CVE-2006-6639.json index 928ab44e5c7..314245b49dc 100644 --- a/2006/6xxx/CVE-2006-6639.json +++ b/2006/6xxx/CVE-2006-6639.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6639", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in chetcpasswd 2.4.1 allow local users to gain privileges via unspecified vectors related to executing (1) the cp program, (2) the mail program, or (3) the program specified in the post_change configuration line." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6639", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "21644", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21644" - }, - { - "name" : "23024", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23024" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in chetcpasswd 2.4.1 allow local users to gain privileges via unspecified vectors related to executing (1) the cp program, (2) the mail program, or (3) the program specified in the post_change configuration line." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "23024", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23024" + }, + { + "name": "21644", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21644" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6835.json b/2006/6xxx/CVE-2006-6835.json index 2dff96a067f..b351d1d0a9b 100644 --- a/2006/6xxx/CVE-2006-6835.json +++ b/2006/6xxx/CVE-2006-6835.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6835", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in Journal.inc.php in Neocrome Land Down Under (LDU) 8.x and earlier allows remote attackers to execute arbitrary SQL commands via the w parameter to journal.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6835", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061229 LDU <= 8.x (journal.php) SQL Injection Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/455495/100/0/threaded" - }, - { - "name" : "2085", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2085" - }, - { - "name" : "ldu-journal-sql-injection(31189)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31189" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in Journal.inc.php in Neocrome Land Down Under (LDU) 8.x and earlier allows remote attackers to execute 
arbitrary SQL commands via the w parameter to journal.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2085", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2085" + }, + { + "name": "20061229 LDU <= 8.x (journal.php) SQL Injection Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/455495/100/0/threaded" + }, + { + "name": "ldu-journal-sql-injection(31189)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31189" + } + ] + } +} \ No newline at end of file diff --git a/2006/7xxx/CVE-2006-7207.json b/2006/7xxx/CVE-2006-7207.json index e4c92b1af2e..efeb6d23dea 100644 --- a/2006/7xxx/CVE-2006-7207.json +++ b/2006/7xxx/CVE-2006-7207.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-7207", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in ageet AGEphone before 1.4.0 might allow remote attackers to have an unknown impact via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-7207", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ageet.com/us/agephone/help/index.htm#vers", - "refsource" : "CONFIRM", - "url" : "http://www.ageet.com/us/agephone/help/index.htm#vers" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in ageet AGEphone before 1.4.0 might allow remote attackers to have an unknown impact via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ageet.com/us/agephone/help/index.htm#vers", + "refsource": "CONFIRM", + "url": "http://www.ageet.com/us/agephone/help/index.htm#vers" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2043.json b/2010/2xxx/CVE-2010-2043.json index 6cad904089f..823f87013ce 100644 --- a/2010/2xxx/CVE-2010-2043.json +++ b/2010/2xxx/CVE-2010-2043.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2043", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Home.aspx in DataTrack System 3.5 and 3.5.8019.4 allows remote attackers to inject arbitrary web script or HTML via the Work_Order_Summary parameter (aka the request summary). NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2043", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://cross-site-scripting.blogspot.com/2010/05/datatrack-system-35-persistent-xss.html", - "refsource" : "MISC", - "url" : "http://cross-site-scripting.blogspot.com/2010/05/datatrack-system-35-persistent-xss.html" - }, - { - "name" : "http://packetstormsecurity.org/1005-exploits/datatrackserver35-xss.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1005-exploits/datatrackserver35-xss.txt" - }, - { - "name" : "40249", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40249" - }, - { - "name" : "64727", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/64727" - }, - { - "name" : "39868", 
- "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39868" - }, - { - "name" : "datatrack-workordersummary-xss(58732)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/58732" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Home.aspx in DataTrack System 3.5 and 3.5.8019.4 allows remote attackers to inject arbitrary web script or HTML via the Work_Order_Summary parameter (aka the request summary). NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "39868", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39868" + }, + { + "name": "http://cross-site-scripting.blogspot.com/2010/05/datatrack-system-35-persistent-xss.html", + "refsource": "MISC", + "url": "http://cross-site-scripting.blogspot.com/2010/05/datatrack-system-35-persistent-xss.html" + }, + { + "name": "40249", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40249" + }, + { + "name": "datatrack-workordersummary-xss(58732)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58732" + }, + { + "name": "64727", + "refsource": "OSVDB", + "url": "http://osvdb.org/64727" + }, + { + "name": "http://packetstormsecurity.org/1005-exploits/datatrackserver35-xss.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1005-exploits/datatrackserver35-xss.txt" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2563.json b/2010/2xxx/CVE-2010-2563.json index 732f59f3eed..5e26bd79ade 100644 --- a/2010/2xxx/CVE-2010-2563.json +++ b/2010/2xxx/CVE-2010-2563.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2563", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Word 97 text converter in the WordPad Text Converters in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly parse malformed structures in Word 97 documents, which allows remote attackers to execute arbitrary code via a crafted document containing an unspecified value that is used in a loop counter, aka \"WordPad Word 97 Text Converter Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-2563", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100914 Microsoft WordPad Word97 Converter Memory Corruption Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=879" - }, - { - "name" : "MS10-067", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-067" - }, - { - "name" : "oval:org.mitre.oval:def:6632", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6632" - } - 
] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Word 97 text converter in the WordPad Text Converters in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly parse malformed structures in Word 97 documents, which allows remote attackers to execute arbitrary code via a crafted document containing an unspecified value that is used in a loop counter, aka \"WordPad Word 97 Text Converter Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS10-067", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-067" + }, + { + "name": "20100914 Microsoft WordPad Word97 Converter Memory Corruption Vulnerability", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=879" + }, + { + "name": "oval:org.mitre.oval:def:6632", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6632" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0194.json b/2011/0xxx/CVE-2011-0194.json index 8a6be030111..b3206e4589d 100644 --- a/2011/0xxx/CVE-2011-0194.json +++ b/2011/0xxx/CVE-2011-0194.json 
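Review bot: The `ASSIGNER` value in this hunk changes from `cve@mitre.org` to `secure@microsoft.com`, which alters the record's provenance rather than its formatting. It is buried in a whole-file respacing and reference reordering under the commit title "-Synchronized-Data.". The CVE-2011-0194.json hunk that follows does the same, with the value becoming `product-security@apple.com`. Any consumer that routes or filters records by assigner will presumably see different results after this sync, and the change is easy to miss among the whitespace churn. I would land the assigner corrections separately from the reformat, or at least name them in the commit description, so that the one semantic line here, `"ASSIGNER": "secure@microsoft.com",`, can be reviewed on its own.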
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0194", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in ImageIO in Apple Mac OS X 10.6 before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image with JPEG encoding." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2011-0194", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4581", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4581" - }, - { - "name" : "APPLE-SA-2011-03-21-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in ImageIO in Apple Mac OS X 10.6 before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image with JPEG encoding." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2011-03-21-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html" + }, + { + "name": "http://support.apple.com/kb/HT4581", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4581" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0433.json b/2011/0xxx/CVE-2011-0433.json index 19899d48731..5d12f469cc4 100644 --- a/2011/0xxx/CVE-2011-0433.json +++ b/2011/0xxx/CVE-2011-0433.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0433", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the linetoken function in afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a DVI file containing a crafted Adobe Font Metrics (AFM) file, a different vulnerability than CVE-2010-2642." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0433", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://xorl.wordpress.com/2011/02/20/cve-2011-0433-evince-linetoken-buffer-overflow/", - "refsource" : "MISC", - "url" : "http://xorl.wordpress.com/2011/02/20/cve-2011-0433-evince-linetoken-buffer-overflow/" - }, - { - "name" : "https://bugzilla.gnome.org/show_bug.cgi?id=640923", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.gnome.org/show_bug.cgi?id=640923" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=679732", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=679732" - }, - { - "name" : "GLSA-201701-57", - 
"refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-57" - }, - { - "name" : "MDVSA-2012:144", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:144" - }, - { - "name" : "RHSA-2012:1201", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1201.html" - }, - { - "name" : "48985", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48985" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the linetoken function in afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a DVI file containing a crafted Adobe Font Metrics (AFM) file, a different vulnerability than CVE-2010-2642." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=679732", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=679732" + }, + { + "name": "48985", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48985" + }, + { + "name": "http://xorl.wordpress.com/2011/02/20/cve-2011-0433-evince-linetoken-buffer-overflow/", + "refsource": "MISC", + "url": "http://xorl.wordpress.com/2011/02/20/cve-2011-0433-evince-linetoken-buffer-overflow/" + }, + { + "name": "RHSA-2012:1201", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1201.html" + }, + { + "name": "https://bugzilla.gnome.org/show_bug.cgi?id=640923", + "refsource": "CONFIRM", + "url": "https://bugzilla.gnome.org/show_bug.cgi?id=640923" + }, + { + "name": "MDVSA-2012:144", + "refsource": "MANDRIVA", + "url": 
"http://www.mandriva.com/security/advisories?name=MDVSA-2012:144" + }, + { + "name": "GLSA-201701-57", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-57" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0499.json b/2011/0xxx/CVE-2011-0499.json index 47675a05200..94ae274eab3 100644 --- a/2011/0xxx/CVE-2011-0499.json +++ b/2011/0xxx/CVE-2011-0499.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0499", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in VideoSpirit Pro 1.6.8.1 and possibly earlier versions, and VideoSpirit Lite 1.4.0.1 and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via a VideoSpirit project (.visprj) file containing a valitem element with a long \"name\" attribute. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0499", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "42866", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42866" - }, - { - "name" : "42876", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42876" - }, - { - "name" : "videospirit-name-bo(64863)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64863" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer 
overflow in VideoSpirit Pro 1.6.8.1 and possibly earlier versions, and VideoSpirit Lite 1.4.0.1 and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via a VideoSpirit project (.visprj) file containing a valitem element with a long \"name\" attribute. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "42876", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42876" + }, + { + "name": "42866", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42866" + }, + { + "name": "videospirit-name-bo(64863)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64863" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0613.json b/2011/0xxx/CVE-2011-0613.json index 9740894b42a..c0dd3d433d1 100644 --- a/2011/0xxx/CVE-2011-0613.json +++ b/2011/0xxx/CVE-2011-0613.json 
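Review bot: The `reference_data` array at the end of this hunk is re-emitted in a different order (`42876` now precedes `42866`) although no reference value changed, so the record's serialisation is not stable from one sync to the next. Consumers that hash or sign records, or that spot updated advisories by diffing the files, will see a change where the content is the same. Emitting references in a deterministic order, for example sorted by `refsource` and then `name`, would keep those diffs limited to real changes. The same reshuffle appears in the hunks for CVE-2011-1485, CVE-2011-1839, CVE-2011-5104 and CVE-2014-3087, and every rewritten file now ends with `\ No newline at end of file`.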
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0613", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in RoboHelp 7 and 8, and RoboHelp Server 7 and 8, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to (1) wf_status.htm and (2) wf_topicfs.htm in RoboHTML/WildFireExt/TemplateStock/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2011-0613", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb11-09.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb11-09.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in RoboHelp 7 and 8, and RoboHelp Server 7 and 8, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to (1) wf_status.htm and (2) wf_topicfs.htm in RoboHTML/WildFireExt/TemplateStock/." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.adobe.com/support/security/bulletins/apsb11-09.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb11-09.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1485.json b/2011/1xxx/CVE-2011-1485.json index 7e0a5ceb23a..0b13932b62e 100644 --- a/2011/1xxx/CVE-2011-1485.json +++ b/2011/1xxx/CVE-2011-1485.json 
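Review bot: The `affects` block on the new side still carries `"vendor_name": "n/a"` and `"product_name": "n/a"`, even though `ASSIGNER` now reads `psirt@adobe.com` and the description names RoboHelp 7 and 8 and RoboHelp Server 7 and 8. Tooling that maps records to an asset inventory through `affects` will presumably not associate this entry with the product and has to fall back to parsing the description text. Populating the vendor, product and version fields from the referenced bulletin in the same sync that assigns the record to the vendor would close that gap. The hunks for CVE-2011-1485, CVE-2011-4580, CVE-2014-3087 and CVE-2014-3387 change `ASSIGNER` to a vendor address in the same way and leave `affects` at `n/a`.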
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1485", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in the pkexec utility and polkitd daemon in PolicyKit (aka polkit) 0.96 allows local users to gain privileges by executing a setuid program from pkexec, related to the use of the effective user ID instead of the real user ID." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-1485", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=692922", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=692922" - }, - { - "name" : "DSA-2319", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2319" - }, - { - "name" : "FEDORA-2011-5589", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058752.html" - }, - { - "name" : "FEDORA-2011-5676", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059859.html" - }, - { - "name" : "GLSA-201204-06", - "refsource" : "GENTOO", - "url" : 
"http://security.gentoo.org/glsa/glsa-201204-06.xml" - }, - { - "name" : "MDVSA-2011:086", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:086" - }, - { - "name" : "RHSA-2011:0455", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0455.html" - }, - { - "name" : "USN-1117-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1117-1" - }, - { - "name" : "48817", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48817" - }, - { - "name" : "8424", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8424" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in the pkexec utility and polkitd daemon in PolicyKit (aka polkit) 0.96 allows local users to gain privileges by executing a setuid program from pkexec, related to the use of the effective user ID instead of the real user ID." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2011:0455", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0455.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=692922", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=692922" + }, + { + "name": "DSA-2319", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2319" + }, + { + "name": "8424", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8424" + }, + { + "name": "FEDORA-2011-5676", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059859.html" + }, + { + "name": "USN-1117-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1117-1" + }, + { + "name": "FEDORA-2011-5589", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058752.html" + }, + { + "name": "GLSA-201204-06", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201204-06.xml" + }, + { + "name": "48817", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48817" + }, + { + "name": "MDVSA-2011:086", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:086" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1839.json b/2011/1xxx/CVE-2011-1839.json index fba0d6aec67..0b857cb36f6 100644 --- a/2011/1xxx/CVE-2011-1839.json +++ b/2011/1xxx/CVE-2011-1839.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1839", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Rational Build Forge 7.1.0 uses the HTTP GET method during redirection from the authentication servlet to a PHP script, which makes it easier for context-dependent attackers to discover session IDs by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1839", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "PM29655", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg1PM29655" - }, - { - "name" : "ADV-2011-0919", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0919" - }, - { - "name" : "ibm-rational-servlet-info-disclosure(66714)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66714" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Rational Build Forge 7.1.0 uses the HTTP GET method during 
redirection from the authentication servlet to a PHP script, which makes it easier for context-dependent attackers to discover session IDs by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2011-0919", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0919" + }, + { + "name": "ibm-rational-servlet-info-disclosure(66714)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66714" + }, + { + "name": "PM29655", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=swg1PM29655" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1994.json b/2011/1xxx/CVE-2011-1994.json index 4091557dddb..c10d51671d7 100644 --- a/2011/1xxx/CVE-2011-1994.json +++ b/2011/1xxx/CVE-2011-1994.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1994", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2011-1994", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4431.json b/2011/4xxx/CVE-2011-4431.json index 098b3e0aeb0..bb26fdb63ef 100644 --- a/2011/4xxx/CVE-2011-4431.json +++ b/2011/4xxx/CVE-2011-4431.json 
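Review bot: This REJECT record is written with a different key order from the PUBLIC records in the same commit: `data_type`, `data_format` and `data_version` now come before `CVE_data_meta`, and inside it `ID` precedes `ASSIGNER`, while the other rewritten files keep `CVE_data_meta` first with `ASSIGNER`, `ID`, `STATE`. Key order carries no meaning in JSON, but two orders in one sync suggest two serialisation paths, which makes the files harder to diff and to canonicalise for integrity checks. Using one key order for every record would avoid that. CVE-2014-2656 later in this diff has the same layout.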
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4431", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in main.php in Merethis Centreon before 2.3.2 allows remote authenticated users to execute arbitrary commands via a .. (dot dot) in the command_name parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4431", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.trustwave.com/spiderlabs/advisories/TWSL2011-017.txt", - "refsource" : "MISC", - "url" : "https://www.trustwave.com/spiderlabs/advisories/TWSL2011-017.txt" - }, - { - "name" : "8530", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8530" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in main.php in Merethis Centreon before 2.3.2 allows remote authenticated users to execute arbitrary commands via a .. (dot dot) in the command_name parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.trustwave.com/spiderlabs/advisories/TWSL2011-017.txt", + "refsource": "MISC", + "url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2011-017.txt" + }, + { + "name": "8530", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8530" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4580.json b/2011/4xxx/CVE-2011-4580.json index f6e7b0c5688..dabb76a99a7 100644 --- a/2011/4xxx/CVE-2011-4580.json +++ b/2011/4xxx/CVE-2011-4580.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4580", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Red Hat JBoss Enterprise Portal Platform before 5.2.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-4580", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "RHSA-2011:1822", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2011-1822.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Red Hat JBoss Enterprise Portal Platform before 5.2.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2011:1822", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2011-1822.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5104.json b/2011/5xxx/CVE-2011-5104.json index 941d7fb236d..232d23a9591 100644 --- a/2011/5xxx/CVE-2011-5104.json +++ b/2011/5xxx/CVE-2011-5104.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5104", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in wpsc-admin/display-sales-logs.php in WP e-Commerce plugin 3.8.7.1 and possibly earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the custom_text parameter. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5104", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://plugins.trac.wordpress.org/changeset?reponame=&new=463447%40wp-e-commerce&old=463446%40wp-e-commerce", - "refsource" : "MISC", - "url" : "http://plugins.trac.wordpress.org/changeset?reponame=&new=463447%40wp-e-commerce&old=463446%40wp-e-commerce" - }, - { - "name" : "http://wordpress.org/extend/plugins/wp-e-commerce/changelog/", - "refsource" : "MISC", - "url" : "http://wordpress.org/extend/plugins/wp-e-commerce/changelog/" - }, - { - "name" : "50757", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/50757" - }, - { - "name" : "77249", - "refsource" : "OSVDB", - "url" : 
"http://osvdb.org/77249" - }, - { - "name" : "46957", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46957" - }, - { - "name" : "wpecommerce-index-xss(71443)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71443" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in wpsc-admin/display-sales-logs.php in WP e-Commerce plugin 3.8.7.1 and possibly earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the custom_text parameter. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "46957", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46957" + }, + { + "name": "http://plugins.trac.wordpress.org/changeset?reponame=&new=463447%40wp-e-commerce&old=463446%40wp-e-commerce", + "refsource": "MISC", + "url": "http://plugins.trac.wordpress.org/changeset?reponame=&new=463447%40wp-e-commerce&old=463446%40wp-e-commerce" + }, + { + "name": "wpecommerce-index-xss(71443)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71443" + }, + { + "name": "77249", + "refsource": "OSVDB", + "url": "http://osvdb.org/77249" + }, + { + "name": "50757", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/50757" + }, + { + "name": "http://wordpress.org/extend/plugins/wp-e-commerce/changelog/", + "refsource": "MISC", + "url": "http://wordpress.org/extend/plugins/wp-e-commerce/changelog/" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2656.json b/2014/2xxx/CVE-2014-2656.json index 666d700fdf5..b663db6696c 100644 --- a/2014/2xxx/CVE-2014-2656.json 
+++ b/2014/2xxx/CVE-2014-2656.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2656", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that the vulnerability report was not valid. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-2656", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that the vulnerability report was not valid. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3087.json b/2014/3xxx/CVE-2014-3087.json index 6c14a552a64..94d3185a73e 100644 --- a/2014/3xxx/CVE-2014-3087.json +++ b/2014/3xxx/CVE-2014-3087.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3087", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "callService.do in IBM Business Process Manager (BPM) 7.5 through 8.5.5 and WebSphere Lombardi Edition 7.2 through 7.2.0.5 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-3087", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21679726", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21679726" - }, - { - "name" : "JR50616", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1JR50616" - }, - { - "name" : "69264", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69264" - }, - { - "name" : "60752", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60752" - }, - { - "name" : "60755", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60755" - }, - { - "name" : 
"60757", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60757" - }, - { - "name" : "ibm-websphere-cve20143087-info-disc(94112)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94112" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "callService.do in IBM Business Process Manager (BPM) 7.5 through 8.5.5 and WebSphere Lombardi Edition 7.2 through 7.2.0.5 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "69264", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69264" + }, + { + "name": "ibm-websphere-cve20143087-info-disc(94112)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94112" + }, + { + "name": "JR50616", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR50616" + }, + { + "name": "60757", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60757" + }, + { + "name": "60755", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60755" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21679726", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21679726" + }, + { + "name": "60752", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60752" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3206.json b/2014/3xxx/CVE-2014-3206.json index 070326a4e43..7a379724c6d 100644 --- a/2014/3xxx/CVE-2014-3206.json +++ b/2014/3xxx/CVE-2014-3206.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3206", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Seagate BlackArmor NAS allows remote attackers to execute arbitrary code via the session parameter to localhost/backupmgt/localJob.php or the auth_name parameter to localhost/backupmgmt/pre_connect_check.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3206", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "33159", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/33159/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Seagate BlackArmor NAS allows remote attackers to execute arbitrary code via the session parameter to localhost/backupmgt/localJob.php or the auth_name parameter to localhost/backupmgmt/pre_connect_check.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33159", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/33159/" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3387.json b/2014/3xxx/CVE-2014-3387.json index 9c9e61ccae7..75734a1062e 100644 --- a/2014/3xxx/CVE-2014-3387.json +++ b/2014/3xxx/CVE-2014-3387.json 
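Review bot: The description value kept on the new side spells the directory two ways, `localhost/backupmgt/localJob.php` and `localhost/backupmgmt/pre_connect_check.php`, and the commit carries that over unchanged from the old side. One of the two is presumably a typo, which matters to anyone writing log searches or WAF rules keyed on the request path. It is worth checking the spelling against the vendor firmware or the referenced advisory and correcting the text. The record also leaves `problemtype` and `affects` at `n/a`, so the description is the only field that identifies the product and the affected endpoints.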
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2014-3387",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The SunRPC inspection engine in Cisco ASA Software 7.2 before 7.2(5.14), 8.2 before 8.2(5.51), 8.3 before 8.3(2.42), 8.4 before 8.4(7.23), 8.5 before 8.5(1.21), 8.6 before 8.6(1.14), 8.7 before 8.7(1.13), 9.0 before 9.0(4.5), and 9.1 before 9.1(5.3) allows remote attackers to cause a denial of service (device reload) via crafted SunRPC packets, aka Bug ID CSCun11074."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "psirt@cisco.com",
+ "ID": "CVE-2014-3387",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20141008 Multiple Vulnerabilities in Cisco ASA Software",
- "refsource" : "CISCO",
- "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The SunRPC inspection engine in Cisco ASA Software 7.2 before 7.2(5.14), 8.2 before 8.2(5.51), 8.3 before 8.3(2.42), 8.4 before 8.4(7.23), 8.5 before 8.5(1.21), 8.6 before 8.6(1.14), 8.7 before 8.7(1.13), 9.0 before 9.0(4.5), and 9.1 before 9.1(5.3) allows remote attackers to cause a denial of service (device reload) via crafted SunRPC packets, aka Bug ID CSCun11074."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20141008 Multiple Vulnerabilities in Cisco ASA Software",
+ "refsource": "CISCO",
+ "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2014/3xxx/CVE-2014-3472.json b/2014/3xxx/CVE-2014-3472.json
index 9dafe2c7137..9c4e6fcc68e 100644
--- a/2014/3xxx/CVE-2014-3472.json
+++ b/2014/3xxx/CVE-2014-3472.json
@@ -1,92 +1,92 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2014-3472",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The isCallerInRole function in SimpleSecurityManager in JBoss Application Server (AS) 7, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 6.3.0, does not properly check caller roles, which allows remote authenticated users to bypass access restrictions via unspecified vectors."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secalert@redhat.com",
+ "ID": "CVE-2014-3472",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1103815",
- "refsource" : "CONFIRM",
- "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1103815"
- },
- {
- "name" : "RHSA-2014:1019",
- "refsource" : "REDHAT",
- "url" : "http://rhn.redhat.com/errata/RHSA-2014-1019.html"
- },
- {
- "name" : "RHSA-2014:1020",
- "refsource" : "REDHAT",
- "url" : "http://rhn.redhat.com/errata/RHSA-2014-1020.html"
- },
- {
- "name" : "RHSA-2014:1021",
- "refsource" : "REDHAT",
- "url" : "http://rhn.redhat.com/errata/RHSA-2014-1021.html"
- },
- {
- "name" : "RHSA-2015:0720",
- "refsource" : "REDHAT",
- "url" : "http://rhn.redhat.com/errata/RHSA-2015-0720.html"
- },
- {
- "name" : "69094",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/69094"
- },
- {
- "name" : "jboss-cve20143472-sec-bypass(95170)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95170"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The isCallerInRole function in SimpleSecurityManager in JBoss Application Server (AS) 7, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 6.3.0, does not properly check caller roles, which allows remote authenticated users to bypass access restrictions via unspecified vectors."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "RHSA-2015:0720",
+ "refsource": "REDHAT",
+ "url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html"
+ },
+ {
+ "name": "RHSA-2014:1020",
+ "refsource": "REDHAT",
+ "url": "http://rhn.redhat.com/errata/RHSA-2014-1020.html"
+ },
+ {
+ "name": "69094",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/69094"
+ },
+ {
+ "name": "RHSA-2014:1021",
+ "refsource": "REDHAT",
+ "url": "http://rhn.redhat.com/errata/RHSA-2014-1021.html"
+ },
+ {
+ "name": "RHSA-2014:1019",
+ "refsource": "REDHAT",
+ "url": "http://rhn.redhat.com/errata/RHSA-2014-1019.html"
+ },
+ {
+ "name": "jboss-cve20143472-sec-bypass(95170)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95170"
+ },
+ {
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1103815",
+ "refsource": "CONFIRM",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1103815"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2014/3xxx/CVE-2014-3636.json b/2014/3xxx/CVE-2014-3636.json
index 8b11955a9f7..cc2772734e9 100644
--- a/2014/3xxx/CVE-2014-3636.json
+++ b/2014/3xxx/CVE-2014-3636.json
@@ -1,102 +1,102 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2014-3636",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 allows local users to (1) cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors or (2) cause a denial of service (disconnect) via multiple messages that combine to have more than the allowed number of file descriptors for a single sendmsg call."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secalert@redhat.com",
+ "ID": "CVE-2014-3636",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "[oss-security] 20140916 CVE-2014-3635 to 3639: security issues in D-Bus < 1.8.8",
- "refsource" : "MLIST",
- "url" : "http://www.openwall.com/lists/oss-security/2014/09/16/9"
- },
- {
- "name" : "https://bugs.freedesktop.org/show_bug.cgi?id=82820",
- "refsource" : "CONFIRM",
- "url" : "https://bugs.freedesktop.org/show_bug.cgi?id=82820"
- },
- {
- "name" : "http://advisories.mageia.org/MGASA-2014-0395.html",
- "refsource" : "CONFIRM",
- "url" : "http://advisories.mageia.org/MGASA-2014-0395.html"
- },
- {
- "name" : "DSA-3026",
- "refsource" : "DEBIAN",
- "url" : "http://www.debian.org/security/2014/dsa-3026"
- },
- {
- "name" : "MDVSA-2015:176",
- "refsource" : "MANDRIVA",
- "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176"
- },
- {
- "name" : "openSUSE-SU-2014:1239",
- "refsource" : "SUSE",
- "url" : "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html"
- },
- {
- "name" : "USN-2352-1",
- "refsource" : "UBUNTU",
- "url" : "http://www.ubuntu.com/usn/USN-2352-1"
- },
- {
- "name" : "1030864",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1030864"
- },
- {
- "name" : "61378",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/61378"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 allows local users to (1) cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors or (2) cause a denial of service (disconnect) via multiple messages that combine to have more than the allowed number of file descriptors for a single sendmsg call."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "USN-2352-1",
+ "refsource": "UBUNTU",
+ "url": "http://www.ubuntu.com/usn/USN-2352-1"
+ },
+ {
+ "name": "openSUSE-SU-2014:1239",
+ "refsource": "SUSE",
+ "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html"
+ },
+ {
+ "name": "61378",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/61378"
+ },
+ {
+ "name": "[oss-security] 20140916 CVE-2014-3635 to 3639: security issues in D-Bus < 1.8.8",
+ "refsource": "MLIST",
+ "url": "http://www.openwall.com/lists/oss-security/2014/09/16/9"
+ },
+ {
+ "name": "1030864",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1030864"
+ },
+ {
+ "name": "https://bugs.freedesktop.org/show_bug.cgi?id=82820",
+ "refsource": "CONFIRM",
+ "url": "https://bugs.freedesktop.org/show_bug.cgi?id=82820"
+ },
+ {
+ "name": "http://advisories.mageia.org/MGASA-2014-0395.html",
+ "refsource": "CONFIRM",
+ "url": "http://advisories.mageia.org/MGASA-2014-0395.html"
+ },
+ {
+ "name": "DSA-3026",
+ "refsource": "DEBIAN",
+ "url": "http://www.debian.org/security/2014/dsa-3026"
+ },
+ {
+ "name": "MDVSA-2015:176",
+ "refsource": "MANDRIVA",
+ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2014/6xxx/CVE-2014-6242.json b/2014/6xxx/CVE-2014-6242.json
index 1631aeaf4d1..8b47fdbddfb 100644
--- a/2014/6xxx/CVE-2014-6242.json
+++ b/2014/6xxx/CVE-2014-6242.json
@@ -1,92 +1,92 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2014-6242",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Multiple SQL injection vulnerabilities in the All In One WP Security & Firewall plugin before 3.8.3 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) orderby or (2) order parameter in the aiowpsec page to wp-admin/admin.php. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2014-6242",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20140924 Two SQL Injections in All In One WP Security WordPress plugin",
- "refsource" : "BUGTRAQ",
- "url" : "http://www.securityfocus.com/archive/1/533519/100/0/threaded"
- },
- {
- "name" : "34781",
- "refsource" : "EXPLOIT-DB",
- "url" : "http://www.exploit-db.com/exploits/34781"
- },
- {
- "name" : "http://packetstormsecurity.com/files/128419/All-In-One-WP-Security-3.8.2-SQL-Injection.html",
- "refsource" : "MISC",
- "url" : "http://packetstormsecurity.com/files/128419/All-In-One-WP-Security-3.8.2-SQL-Injection.html"
- },
- {
- "name" : "https://www.htbridge.com/advisory/HTB23231",
- "refsource" : "MISC",
- "url" : "https://www.htbridge.com/advisory/HTB23231"
- },
- {
- "name" : "https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/changelog",
- "refsource" : "CONFIRM",
- "url" : "https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/changelog"
- },
- {
- "name" : "70150",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/70150"
- },
- {
- "name" : "allinone-wp-cve20146242-sql-injection(96204)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96204"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Multiple SQL injection vulnerabilities in the All In One WP Security & Firewall plugin before 3.8.3 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) orderby or (2) order parameter in the aiowpsec page to wp-admin/admin.php. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://packetstormsecurity.com/files/128419/All-In-One-WP-Security-3.8.2-SQL-Injection.html",
+ "refsource": "MISC",
+ "url": "http://packetstormsecurity.com/files/128419/All-In-One-WP-Security-3.8.2-SQL-Injection.html"
+ },
+ {
+ "name": "https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/changelog",
+ "refsource": "CONFIRM",
+ "url": "https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/changelog"
+ },
+ {
+ "name": "34781",
+ "refsource": "EXPLOIT-DB",
+ "url": "http://www.exploit-db.com/exploits/34781"
+ },
+ {
+ "name": "70150",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/70150"
+ },
+ {
+ "name": "https://www.htbridge.com/advisory/HTB23231",
+ "refsource": "MISC",
+ "url": "https://www.htbridge.com/advisory/HTB23231"
+ },
+ {
+ "name": "20140924 Two SQL Injections in All In One WP Security WordPress plugin",
+ "refsource": "BUGTRAQ",
+ "url": "http://www.securityfocus.com/archive/1/533519/100/0/threaded"
+ },
+ {
+ "name": "allinone-wp-cve20146242-sql-injection(96204)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96204"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2014/6xxx/CVE-2014-6602.json b/2014/6xxx/CVE-2014-6602.json
index e9607264987..25d2e7d6129 100644
--- a/2014/6xxx/CVE-2014-6602.json
+++ b/2014/6xxx/CVE-2014-6602.json
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2014-6602",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Microsoft Asha OS on the Microsoft Mobile Nokia Asha 501 phone 14.0.4 allows physically proximate attackers to bypass the lock-screen protection mechanism, and read or modify contact information or dial arbitrary telephone numbers, by tapping the SOS Option and then tapping the Green Call Option."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2014-6602",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://packetstormsecurity.com/files/128320/Nokia-Asha-501-Lock-Bypass.html",
- "refsource" : "MISC",
- "url" : "http://packetstormsecurity.com/files/128320/Nokia-Asha-501-Lock-Bypass.html"
- },
- {
- "name" : "ms-nokia-cve20146602-sec-bypass(96195)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96195"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Microsoft Asha OS on the Microsoft Mobile Nokia Asha 501 phone 14.0.4 allows physically proximate attackers to bypass the lock-screen protection mechanism, and read or modify contact information or dial arbitrary telephone numbers, by tapping the SOS Option and then tapping the Green Call Option."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://packetstormsecurity.com/files/128320/Nokia-Asha-501-Lock-Bypass.html",
+ "refsource": "MISC",
+ "url": "http://packetstormsecurity.com/files/128320/Nokia-Asha-501-Lock-Bypass.html"
+ },
+ {
+ "name": "ms-nokia-cve20146602-sec-bypass(96195)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96195"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2014/6xxx/CVE-2014-6674.json b/2014/6xxx/CVE-2014-6674.json
index 836b26c414b..0b946a58843 100644
--- a/2014/6xxx/CVE-2014-6674.json
+++ b/2014/6xxx/CVE-2014-6674.json
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2014-6674",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The Amazighmusic (aka nl.appsandroo.Amazighmusic) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cert@cert.org",
+ "ID": "CVE-2014-6674",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
- "refsource" : "MISC",
- "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
- },
- {
- "name" : "VU#582497",
- "refsource" : "CERT-VN",
- "url" : "http://www.kb.cert.org/vuls/id/582497"
- },
- {
- "name" : "VU#825993",
- "refsource" : "CERT-VN",
- "url" : "http://www.kb.cert.org/vuls/id/825993"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The Amazighmusic (aka nl.appsandroo.Amazighmusic) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "VU#825993",
+ "refsource": "CERT-VN",
+ "url": "http://www.kb.cert.org/vuls/id/825993"
+ },
+ {
+ "name": "VU#582497",
+ "refsource": "CERT-VN",
+ "url": "http://www.kb.cert.org/vuls/id/582497"
+ },
+ {
+ "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
+ "refsource": "MISC",
+ "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2014/6xxx/CVE-2014-6945.json b/2014/6xxx/CVE-2014-6945.json
index c12e9f8d32f..4fdd6080646 100644
--- a/2014/6xxx/CVE-2014-6945.json
+++ b/2014/6xxx/CVE-2014-6945.json
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2014-6945",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The Neeku Naaku Dash Dash (aka com.dakshaa.nndd) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cert@cert.org",
+ "ID": "CVE-2014-6945",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
- "refsource" : "MISC",
- "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
- },
- {
- "name" : "VU#185793",
- "refsource" : "CERT-VN",
- "url" : "http://www.kb.cert.org/vuls/id/185793"
- },
- {
- "name" : "VU#582497",
- "refsource" : "CERT-VN",
- "url" : "http://www.kb.cert.org/vuls/id/582497"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The Neeku Naaku Dash Dash (aka com.dakshaa.nndd) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "VU#582497",
+ "refsource": "CERT-VN",
+ "url": "http://www.kb.cert.org/vuls/id/582497"
+ },
+ {
+ "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
+ "refsource": "MISC",
+ "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
+ },
+ {
+ "name": "VU#185793",
+ "refsource": "CERT-VN",
+ "url": "http://www.kb.cert.org/vuls/id/185793"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2014/7xxx/CVE-2014-7093.json b/2014/7xxx/CVE-2014-7093.json
index c79c09687f7..baac5915ba0 100644
--- a/2014/7xxx/CVE-2014-7093.json
+++ b/2014/7xxx/CVE-2014-7093.json
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2014-7093",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The Superbike Magazine (aka com.triactivemedia.superbike) application @7F08017A for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cert@cert.org",
+ "ID": "CVE-2014-7093",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
- "refsource" : "MISC",
- "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
- },
- {
- "name" : "VU#384761",
- "refsource" : "CERT-VN",
- "url" : "http://www.kb.cert.org/vuls/id/384761"
- },
- {
- "name" : "VU#582497",
- "refsource" : "CERT-VN",
- "url" : "http://www.kb.cert.org/vuls/id/582497"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The Superbike Magazine (aka com.triactivemedia.superbike) application @7F08017A for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "VU#384761",
+ "refsource": "CERT-VN",
+ "url": "http://www.kb.cert.org/vuls/id/384761"
+ },
+ {
+ "name": "VU#582497",
+ "refsource": "CERT-VN",
+ "url": "http://www.kb.cert.org/vuls/id/582497"
+ },
+ {
+ "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
+ "refsource": "MISC",
+ "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2014/7xxx/CVE-2014-7341.json b/2014/7xxx/CVE-2014-7341.json
index fa020d06578..a3c372a400a 100644
--- a/2014/7xxx/CVE-2014-7341.json
+++ b/2014/7xxx/CVE-2014-7341.json
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2014-7341",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The SAsync (aka com.sasync.sasyncmap) application 1.2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cert@cert.org",
+ "ID": "CVE-2014-7341",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
- "refsource" : "MISC",
- "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
- },
- {
- "name" : "VU#318937",
- "refsource" : "CERT-VN",
- "url" : "http://www.kb.cert.org/vuls/id/318937"
- },
- {
- "name" : "VU#582497",
- "refsource" : "CERT-VN",
- "url" : "http://www.kb.cert.org/vuls/id/582497"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The SAsync (aka com.sasync.sasyncmap) application 1.2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "VU#582497",
+ "refsource": "CERT-VN",
+ "url": "http://www.kb.cert.org/vuls/id/582497"
+ },
+ {
+ "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing",
+ "refsource": "MISC",
+ "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing"
+ },
+ {
+ "name": "VU#318937",
+ "refsource": "CERT-VN",
+ "url": "http://www.kb.cert.org/vuls/id/318937"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2014/7xxx/CVE-2014-7686.json b/2014/7xxx/CVE-2014-7686.json
index 3cbeb3dbf50..351d5a54402 100644
--- a/2014/7xxx/CVE-2014-7686.json
+++ b/2014/7xxx/CVE-2014-7686.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7686", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The So. Co. Business Partnership (aka com.ChamberMe.SCBPSOUTHERNCO) application 3.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7686", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#774161", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/774161" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The So. Co. 
Business Partnership (aka com.ChamberMe.SCBPSOUTHERNCO) application 3.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + }, + { + "name": "VU#774161", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/774161" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7966.json b/2014/7xxx/CVE-2014-7966.json index 4dde430d139..fbf63adfc81 100644 --- a/2014/7xxx/CVE-2014-7966.json +++ b/2014/7xxx/CVE-2014-7966.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7966", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-7966", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2375.json b/2016/2xxx/CVE-2016-2375.json index b103db6af67..5f063daffb2 100644 --- a/2016/2xxx/CVE-2016-2375.json +++ b/2016/2xxx/CVE-2016-2375.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cert@cert.org", - "ID" : "CVE-2016-2375", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Pidgin", - "version" : { - "version_data" : [ - { - "version_value" : "2.10.11" - } - ] - } - } - ] - }, - "vendor_name" : "Pidgin" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable out-of-bounds read exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT contact information sent from the server can result in memory disclosure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "out-of-bounds read" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2016-2375", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Pidgin", + "version": { + "version_data": [ + { + "version_value": "2.10.11" + } + ] + } + } + ] + }, + "vendor_name": "Pidgin" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.talosintelligence.com/reports/TALOS-2016-0143/", - "refsource" : "MISC", - "url" : "http://www.talosintelligence.com/reports/TALOS-2016-0143/" - }, - { - "name" : "http://www.pidgin.im/news/security/?id=108", - "refsource" : "CONFIRM", - "url" : "http://www.pidgin.im/news/security/?id=108" - }, - { - "name" : "DSA-3620", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3620" - }, - { - "name" : "GLSA-201701-38", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-38" - }, - { - "name" : "USN-3031-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3031-1" - }, - { - "name" : "91335", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/91335" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable out-of-bounds read exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT contact information sent from the server can result in memory disclosure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "out-of-bounds read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.talosintelligence.com/reports/TALOS-2016-0143/", + "refsource": "MISC", + "url": "http://www.talosintelligence.com/reports/TALOS-2016-0143/" + }, + { + "name": "91335", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91335" + }, + { + "name": "DSA-3620", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3620" + }, + { + "name": "http://www.pidgin.im/news/security/?id=108", + "refsource": "CONFIRM", + "url": "http://www.pidgin.im/news/security/?id=108" + }, + { + "name": "GLSA-201701-38", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-38" + }, + { + "name": "USN-3031-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3031-1" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2548.json b/2016/2xxx/CVE-2016-2548.json index a41d9b39bbf..a2da3e84a0d 100644 --- a/2016/2xxx/CVE-2016-2548.json +++ b/2016/2xxx/CVE-2016-2548.json 
@@ -1,157 +1,157 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2548", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "sound/core/timer.c in the Linux kernel before 4.4.1 retains certain linked lists after a close or stop action, which allows local users to cause a denial of service (system crash) via a crafted ioctl call, related to the (1) snd_timer_close and (2) _snd_timer_stop functions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2548", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160119 Security bugs in Linux kernel sound subsystem", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/01/19/1" - }, - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b5a663aa426f4884c71cd8580adae73f33570f0d", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b5a663aa426f4884c71cd8580adae73f33570f0d" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.1", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.1" - }, - { - 
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1311568", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1311568" - }, - { - "name" : "https://github.com/torvalds/linux/commit/b5a663aa426f4884c71cd8580adae73f33570f0d", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/b5a663aa426f4884c71cd8580adae73f33570f0d" - }, - { - "name" : "DSA-3503", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3503" - }, - { - "name" : "SUSE-SU-2016:2074", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" - }, - { - "name" : "SUSE-SU-2016:0911", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" - }, - { - "name" : "SUSE-SU-2016:1102", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" - }, - { - "name" : "USN-2967-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2967-1" - }, - { - "name" : "USN-2967-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2967-2" - }, - { - "name" : "USN-2929-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2929-1" - }, - { - "name" : "USN-2929-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2929-2" - }, - { - "name" : "USN-2930-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2930-1" - }, - { - "name" : "USN-2930-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2930-2" - }, - { - "name" : "USN-2930-3", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2930-3" - }, - { - "name" : "USN-2931-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2931-1" - }, - { - "name" : "USN-2932-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2932-1" - }, - { - "name" : "83383", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/83383" - }, - { - "name" : "1035306", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1035306" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "sound/core/timer.c in the Linux kernel before 4.4.1 retains certain linked lists after a close or stop action, which allows local users to cause a denial of service (system crash) via a crafted ioctl call, related to the (1) snd_timer_close and (2) _snd_timer_stop functions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-2930-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2930-1" + }, + { + "name": "USN-2967-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2967-1" + }, + { + "name": "83383", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/83383" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.1", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.1" + }, + { + "name": "USN-2930-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2930-2" + }, + { + "name": "1035306", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1035306" + }, + { + "name": "https://github.com/torvalds/linux/commit/b5a663aa426f4884c71cd8580adae73f33570f0d", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/b5a663aa426f4884c71cd8580adae73f33570f0d" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b5a663aa426f4884c71cd8580adae73f33570f0d", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b5a663aa426f4884c71cd8580adae73f33570f0d" + 
}, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1311568", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311568" + }, + { + "name": "DSA-3503", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3503" + }, + { + "name": "USN-2967-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2967-2" + }, + { + "name": "[oss-security] 20160119 Security bugs in Linux kernel sound subsystem", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/01/19/1" + }, + { + "name": "USN-2930-3", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2930-3" + }, + { + "name": "SUSE-SU-2016:1102", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html" + }, + { + "name": "USN-2929-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2929-1" + }, + { + "name": "USN-2932-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2932-1" + }, + { + "name": "SUSE-SU-2016:2074", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html" + }, + { + "name": "USN-2931-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2931-1" + }, + { + "name": "USN-2929-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2929-2" + }, + { + "name": "SUSE-SU-2016:0911", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1464.json b/2017/1xxx/CVE-2017-1464.json index e2e9b383aff..72556990f84 100644 --- a/2017/1xxx/CVE-2017-1464.json +++ b/2017/1xxx/CVE-2017-1464.json 
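Review bot: The twenty `reference_data` entries come back in an order that follows neither the previous grouping by `refsource` nor any sort key visible in the hunk, so confirming that no reference was added, dropped or altered means matching entries by hand. The set itself appears unchanged, with the same twenty `name`/`url` pairs on both sides. Emitting the array in a stable order, for instance sorted by `refsource` and then `name`, would keep later sync diffs limited to real content changes. The CVE-2016-2375, CVE-2017-5661, CVE-2017-5845 and CVE-2017-5950 hunks show the same shuffle.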
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1464", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1464", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1920.json b/2017/1xxx/CVE-2017-1920.json index b0c83572af3..79e2c7440f3 100644 --- a/2017/1xxx/CVE-2017-1920.json +++ b/2017/1xxx/CVE-2017-1920.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1920", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-1920", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5661.json b/2017/5xxx/CVE-2017-5661.json index 22626183cd0..026c1184607 100644 --- a/2017/5xxx/CVE-2017-5661.json +++ b/2017/5xxx/CVE-2017-5661.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "ID" : "CVE-2017-5661", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache FOP", - "version" : { - "version_data" : [ - { - "version_value" : "before 2.2" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Apache FOP before 2.2, files lying on the filesystem of the server which uses FOP can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a full compromise of the server - including confidential or sensitive files - would be possible. XXE can also be used to attack the availability of the server via denial of service as the references within a xml document can trivially trigger an amplification attack." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "XXE" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "ID": "CVE-2017-5661", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache FOP", + "version": { + "version_data": [ + { + "version_value": "before 2.2" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://xmlgraphics.apache.org/security.html", - "refsource" : "CONFIRM", - "url" : "https://xmlgraphics.apache.org/security.html" - }, - { - "name" : "DSA-3864", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3864" - }, - { - "name" : "97947", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97947" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Apache FOP before 2.2, files lying on the filesystem of the server which uses FOP can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a full compromise of the server - including confidential or sensitive files - would be possible. XXE can also be used to attack the availability of the server via denial of service as the references within a xml document can trivially trigger an amplification attack." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "XXE" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-3864", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3864" + }, + { + "name": "97947", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97947" + }, + { + "name": "https://xmlgraphics.apache.org/security.html", + "refsource": "CONFIRM", + "url": "https://xmlgraphics.apache.org/security.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5695.json b/2017/5xxx/CVE-2017-5695.json index f6d5bc0d764..5b9c0a16773 100644 --- a/2017/5xxx/CVE-2017-5695.json +++ b/2017/5xxx/CVE-2017-5695.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@intel.com", - "DATE_PUBLIC" : "2017-08-08T00:00:00", - "ID" : "CVE-2017-5695", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Solid-State Drive Consumer, Professional, Embedded, Data Center", - "version" : { - "version_data" : [ - { - "version_value" : "LSBG200, LSF031C, LSF036C, LBF010C, LSBG100, LSF031C, LSF036C, LBF010C, LSF031P, LSF036P, LBF010P, LSF031P, LSF036P, LBF010P, LSMG200, LSF031E, LSF036E, LSMG100, LSF031E, LSF036E, LSDG200, LSF031D, LSF036D" - } - ] - } - } - ] - }, - "vendor_name" : "Intel Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Data corruption vulnerability in firmware in Intel Solid-State Drive Consumer, Professional, Embedded, Data Center affected firmware versions LSBG200, LSF031C, LSF036C, LBF010C, LSBG100, LSF031C, LSF036C, LBF010C, LSF031P, LSF036P, LBF010P, LSF031P, LSF036P, LBF010P, LSMG200, LSF031E, LSF036E, LSMG100, LSF031E, LSF036E, LSDG200, LSF031D, LSF036D allows local users to cause a denial of service via unspecified vectors." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service" - } + "CVE_data_meta": { + "ASSIGNER": "secure@intel.com", + "DATE_PUBLIC": "2017-08-08T00:00:00", + "ID": "CVE-2017-5695", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Solid-State Drive Consumer, Professional, Embedded, Data Center", + "version": { + "version_data": [ + { + "version_value": "LSBG200, LSF031C, LSF036C, LBF010C, LSBG100, LSF031C, LSF036C, LBF010C, LSF031P, LSF036P, LBF010P, LSF031P, LSF036P, LBF010P, LSMG200, LSF031E, LSF036E, LSMG100, LSF031E, LSF036E, LSDG200, LSF031D, LSF036D" + } + ] + } + } + ] + }, + "vendor_name": "Intel Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00079&languageid=en-fr", - "refsource" : "CONFIRM", - "url" : "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00079&languageid=en-fr" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Data corruption vulnerability in firmware in Intel Solid-State Drive Consumer, Professional, Embedded, Data Center affected firmware versions LSBG200, LSF031C, LSF036C, LBF010C, LSBG100, LSF031C, LSF036C, LBF010C, LSF031P, LSF036P, LBF010P, LSF031P, LSF036P, LBF010P, LSMG200, LSF031E, LSF036E, LSMG100, LSF031E, LSF036E, LSDG200, LSF031D, LSF036D allows local users to cause a denial of service via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00079&languageid=en-fr", + "refsource": "CONFIRM", + "url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00079&languageid=en-fr" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5845.json b/2017/5xxx/CVE-2017-5845.json index 175ed241436..15f2d47b512 100644 --- a/2017/5xxx/CVE-2017-5845.json +++ b/2017/5xxx/CVE-2017-5845.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5845", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The gst_avi_demux_parse_ncdt function in gst/avi/gstavidemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via a ncdt sub-tag that \"goes behind\" the surrounding tag." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5845", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20170201 Multiple memory access issues in gstreamer", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/02/01/7" - }, - { - "name" : "[oss-security] 20170202 Re: Multiple memory access issues in gstreamer", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/02/02/9" - }, - { - "name" : "https://bugzilla.gnome.org/show_bug.cgi?id=777532", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.gnome.org/show_bug.cgi?id=777532" - }, - { - "name" : "https://gstreamer.freedesktop.org/releases/1.10/#1.10.3", - "refsource" : "CONFIRM", - "url" : 
"https://gstreamer.freedesktop.org/releases/1.10/#1.10.3" - }, - { - "name" : "DSA-3820", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3820" - }, - { - "name" : "GLSA-201705-10", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201705-10" - }, - { - "name" : "RHSA-2017:2060", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2060" - }, - { - "name" : "96001", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96001" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The gst_avi_demux_parse_ncdt function in gst/avi/gstavidemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via a ncdt sub-tag that \"goes behind\" the surrounding tag." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96001", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96001" + }, + { + "name": "DSA-3820", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3820" + }, + { + "name": "https://bugzilla.gnome.org/show_bug.cgi?id=777532", + "refsource": "CONFIRM", + "url": "https://bugzilla.gnome.org/show_bug.cgi?id=777532" + }, + { + "name": "RHSA-2017:2060", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2060" + }, + { + "name": "[oss-security] 20170202 Re: Multiple memory access issues in gstreamer", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/02/02/9" + }, + { + "name": "https://gstreamer.freedesktop.org/releases/1.10/#1.10.3", + "refsource": "CONFIRM", + "url": "https://gstreamer.freedesktop.org/releases/1.10/#1.10.3" + }, + { + "name": 
"GLSA-201705-10", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201705-10" + }, + { + "name": "[oss-security] 20170201 Multiple memory access issues in gstreamer", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/02/01/7" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5947.json b/2017/5xxx/CVE-2017-5947.json index 85cd5435ba7..2d1ee9a1c80 100644 --- a/2017/5xxx/CVE-2017-5947.json +++ b/2017/5xxx/CVE-2017-5947.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5947", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in OnePlus One, X, 2, 3, 3T, and 5 devices with OxygenOS 5.0 and earlier. The attacker can reboot the device into the Qualcomm Emergency Download (EDL) mode through ADB or by using Volume-Up when connected to USB, which in turn could allow for downgrading partitions such as the Android Bootloader." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5947", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://alephsecurity.com/vulns/aleph-2017007", - "refsource" : "MISC", - "url" : "https://alephsecurity.com/vulns/aleph-2017007" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in OnePlus One, X, 2, 3, 3T, and 5 devices with OxygenOS 5.0 and earlier. 
The attacker can reboot the device into the Qualcomm Emergency Download (EDL) mode through ADB or by using Volume-Up when connected to USB, which in turn could allow for downgrading partitions such as the Android Bootloader." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://alephsecurity.com/vulns/aleph-2017007", + "refsource": "MISC", + "url": "https://alephsecurity.com/vulns/aleph-2017007" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5950.json b/2017/5xxx/CVE-2017-5950.json index f79dc107139..dbb6439a280 100644 --- a/2017/5xxx/CVE-2017-5950.json +++ b/2017/5xxx/CVE-2017-5950.json 
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-5950",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The SingleDocParser::HandleNode function in yaml-cpp (aka LibYaml-C++) 0.5.3 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-5950",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/jbeder/yaml-cpp/issues/459",
- "refsource" : "MISC",
- "url" : "https://github.com/jbeder/yaml-cpp/issues/459"
- },
- {
- "name" : "97307",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/97307"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The SingleDocParser::HandleNode function in yaml-cpp (aka LibYaml-C++) 0.5.3 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "97307",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/97307"
+ },
+ {
+ "name": "https://github.com/jbeder/yaml-cpp/issues/459",
+ "refsource": "MISC",
+ "url": "https://github.com/jbeder/yaml-cpp/issues/459"
+ }
+ ]
+ }
+}
\ No newline at end of file