diff --git a/2001/0xxx/CVE-2001-0067.json b/2001/0xxx/CVE-2001-0067.json index 761aceac8c2..2fb746ca298 100644 --- a/2001/0xxx/CVE-2001-0067.json +++ b/2001/0xxx/CVE-2001-0067.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0067", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The installation of J-Pilot creates the .jpilot directory with the user's umask, which could allow local attackers to read other users' PalmOS backup information if their umasks are not securely set." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0067", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20001214 J-Pilot Permissions Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/templates/archive.pike?mid=150957&end=2001-02-03&fromthread=1&start=2001-01-28&threads=0&list=1&" - }, - { - "name" : "MDKSA-2000:081", - "refsource" : "MANDRAKE", - "url" : "http://www.linux-mandrake.com/en/security/2000/MDKSA-2000-081.php3" - }, - { - "name" : "jpilot-perms(5762)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5762" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The installation of J-Pilot creates the .jpilot directory with the user's umask, which could allow local attackers to read other users' PalmOS backup information if their umasks are not securely set." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "jpilot-perms(5762)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5762" + }, + { + "name": "20001214 J-Pilot Permissions Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/templates/archive.pike?mid=150957&end=2001-02-03&fromthread=1&start=2001-01-28&threads=0&list=1&" + }, + { + "name": "MDKSA-2000:081", + "refsource": "MANDRAKE", + "url": "http://www.linux-mandrake.com/en/security/2000/MDKSA-2000-081.php3" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1060.json b/2001/1xxx/CVE-2001-1060.json index 2795b3a7320..1f31d388c2e 100644 --- a/2001/1xxx/CVE-2001-1060.json +++ b/2001/1xxx/CVE-2001-1060.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1060", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "phpMyAdmin 2.2.0rc3 and earlier allows remote attackers to execute arbitrary commands by inserting them into (1) the strCopyTableOK argument in tbl_copy.php, or (2) the strRenameTableOK argument in tbl_rename.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1060", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010731 New command execution vulnerability in myPhpAdmin", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/200596" - }, - { - "name" : "http://freshmeat.net/redir/phpmyadmin/8001/url_changelog/", - "refsource" : "MISC", - "url" : "http://freshmeat.net/redir/phpmyadmin/8001/url_changelog/" - }, - { - "name" : "3121", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3121" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "phpMyAdmin 2.2.0rc3 and earlier allows remote attackers to execute arbitrary commands by inserting them into (1) the strCopyTableOK argument in tbl_copy.php, or (2) the strRenameTableOK argument in tbl_rename.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3121", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3121" + }, + { + "name": "http://freshmeat.net/redir/phpmyadmin/8001/url_changelog/", + "refsource": "MISC", + "url": "http://freshmeat.net/redir/phpmyadmin/8001/url_changelog/" + }, + { + "name": "20010731 New command execution vulnerability in myPhpAdmin", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/200596" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2244.json b/2006/2xxx/CVE-2006-2244.json index 54c52372ce5..0578acee927 100644 --- a/2006/2xxx/CVE-2006-2244.json +++ b/2006/2xxx/CVE-2006-2244.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2244", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Web4Future News Portal allow remote attackers to execute arbitrary SQL commands via the ID parameter to (1) comentarii.php or (2) view.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2244", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "25285", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25285" - }, - { - "name" : "25286", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25286" - }, - { - "name" : "1016027", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016027" - }, - { - "name" : "17880", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17880" - }, - { - "name" : "newsportal-comentarii-view-sql-injection(26260)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26260" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Web4Future News Portal allow remote attackers to execute arbitrary SQL commands via the ID parameter to (1) comentarii.php or (2) view.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "newsportal-comentarii-view-sql-injection(26260)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26260" + }, + { + "name": "25286", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25286" + }, + { + "name": "1016027", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016027" + }, + { + "name": "25285", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25285" + }, + { + "name": "17880", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17880" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2425.json b/2006/2xxx/CVE-2006-2425.json index 65f18a72233..02ff5589137 100644 --- a/2006/2xxx/CVE-2006-2425.json +++ b/2006/2xxx/CVE-2006-2425.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2425", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in PRV.php in PhpRemoteView, possibly 2003-10-23 and earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) f, (2) d, and (3) ref parameters, and the (4) \"MAKE DIR\" and (5) \"Full file name\" fields." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2425", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060516 PhpRemoteView Multiple Xss Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/434118/100/0/threaded" - }, - { - "name" : "http://soot.shabgard.org/bugs/phpremoteview.txt", - "refsource" : "MISC", - "url" : "http://soot.shabgard.org/bugs/phpremoteview.txt" - }, - { - "name" : "17994", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17994" - }, - { - "name" : "ADV-2006-1844", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1844" - }, - { - "name" : "25572", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25572" - }, - { - "name" : "20141", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20141" - }, - { - "name" : "902", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/902" - }, - { - "name" : "phpremoteview-prv-xss(26473)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26473" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in PRV.php in PhpRemoteView, possibly 2003-10-23 and earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) f, (2) d, and (3) ref parameters, and the (4) \"MAKE DIR\" and (5) \"Full file name\" fields." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "phpremoteview-prv-xss(26473)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26473" + }, + { + "name": "25572", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25572" + }, + { + "name": "20141", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20141" + }, + { + "name": "ADV-2006-1844", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1844" + }, + { + "name": "17994", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17994" + }, + { + "name": "http://soot.shabgard.org/bugs/phpremoteview.txt", + "refsource": "MISC", + "url": "http://soot.shabgard.org/bugs/phpremoteview.txt" + }, + { + "name": "20060516 PhpRemoteView Multiple Xss Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/434118/100/0/threaded" + }, + { + "name": "902", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/902" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2524.json b/2006/2xxx/CVE-2006-2524.json index 4946b513b12..6fad3e24b7f 100644 --- a/2006/2xxx/CVE-2006-2524.json +++ b/2006/2xxx/CVE-2006-2524.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2524", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in UseBB 1.0 RC1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors when processing the user date format." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2524", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=418462&group_id=93103", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=418462&group_id=93103" - }, - { - "name" : "http://www.usebb.net/community/topic.php?id=1130", - "refsource" : "CONFIRM", - "url" : "http://www.usebb.net/community/topic.php?id=1130" - }, - { - "name" : "ADV-2006-1900", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1900" - }, - { - "name" : "25684", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25684" - }, - { - "name" : "20187", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20187" - }, - { - "name" : "usebb-userdate-xss(26600)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26600" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in UseBB 1.0 RC1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors when processing the user date format." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-1900", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1900" + }, + { + "name": "http://www.usebb.net/community/topic.php?id=1130", + "refsource": "CONFIRM", + "url": "http://www.usebb.net/community/topic.php?id=1130" + }, + { + "name": "20187", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20187" + }, + { + "name": "usebb-userdate-xss(26600)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26600" + }, + { + "name": "25684", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25684" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=418462&group_id=93103", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=418462&group_id=93103" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2834.json b/2006/2xxx/CVE-2006-2834.json index ad7614c15cc..403258faf62 100644 --- a/2006/2xxx/CVE-2006-2834.json +++ b/2006/2xxx/CVE-2006-2834.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2834", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in includes/common.php in gnopaste 0.5.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2834", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "1851", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/1851" - }, - { - "name" : "http://sourceforge.net/forum/forum.php?forum_id=576672", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/forum/forum.php?forum_id=576672" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=421183&group_id=166450", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=421183&group_id=166450" - }, - { - "name" : "18180", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18180" - }, - { - "name" : "ADV-2006-2078", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2078" - }, - { - "name" : "1016189", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016189" - }, - { - "name" : "gnopaste-common-file-include(26744)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26744" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in includes/common.php in gnopaste 0.5.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "gnopaste-common-file-include(26744)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26744" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=421183&group_id=166450", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=421183&group_id=166450" + }, + { + "name": "1851", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/1851" + }, + { + "name": "ADV-2006-2078", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2078" + }, + { + "name": "1016189", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016189" + }, + { + "name": "http://sourceforge.net/forum/forum.php?forum_id=576672", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/forum/forum.php?forum_id=576672" + }, + { + "name": "18180", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18180" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6080.json b/2006/6xxx/CVE-2006-6080.json index c77e66f570c..eb8d4e14c41 100644 --- a/2006/6xxx/CVE-2006-6080.json +++ b/2006/6xxx/CVE-2006-6080.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6080", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in categories.asp in gNews Publisher allow remote attackers to execute arbitrary SQL commands via the (1) catID or (2) editorID parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6080", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061120 gNews Publisher SQL Injection Vulnerabilites", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/452116/100/0/threaded" - }, - { - "name" : "http://www.aria-security.com/forum/showthread.php?t=37", - "refsource" : "MISC", - "url" : "http://www.aria-security.com/forum/showthread.php?t=37" - }, - { - "name" : "21194", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21194" - }, - { - "name" : "1908", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1908" - }, - { - "name" : "gnews-categories-sql-injection(30422)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30422" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in categories.asp in gNews Publisher allow remote attackers to execute arbitrary SQL commands via the (1) catID or (2) editorID parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1908", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1908" + }, + { + "name": "http://www.aria-security.com/forum/showthread.php?t=37", + "refsource": "MISC", + "url": "http://www.aria-security.com/forum/showthread.php?t=37" + }, + { + "name": "20061120 gNews Publisher SQL Injection Vulnerabilites", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/452116/100/0/threaded" + }, + { + "name": "21194", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21194" + }, + { + "name": "gnews-categories-sql-injection(30422)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30422" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6443.json b/2006/6xxx/CVE-2006-6443.json index f456f30eea4..038e7267a8f 100644 --- a/2006/6xxx/CVE-2006-6443.json +++ b/2006/6xxx/CVE-2006-6443.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6443", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the Novell Distributed Print Services (NDPS) Print Provider for Windows component (NDPPNT.DLL) in Novell Client 4.91 has unknown impact and remote attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6443", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.novell.com/docs/Readmes/InfoDocument/2974843.html", - "refsource" : "CONFIRM", - "url" : "http://support.novell.com/docs/Readmes/InfoDocument/2974843.html" - }, - { - "name" : "21479", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21479" - }, - { - "name" : "ADV-2006-4862", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4862" - }, - { - "name" : "23271", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23271" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the Novell Distributed Print Services (NDPS) Print Provider for Windows component (NDPPNT.DLL) in Novell Client 4.91 has unknown impact and remote attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21479", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21479" + }, + { + "name": "23271", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23271" + }, + { + "name": "ADV-2006-4862", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4862" + }, + { + "name": "http://support.novell.com/docs/Readmes/InfoDocument/2974843.html", + "refsource": "CONFIRM", + "url": "http://support.novell.com/docs/Readmes/InfoDocument/2974843.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6738.json b/2006/6xxx/CVE-2006-6738.json index 5a739ce037d..9864dec7408 100644 --- a/2006/6xxx/CVE-2006-6738.json +++ b/2006/6xxx/CVE-2006-6738.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6738", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in statistic.php in cwmCounter 5.1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6738", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2960", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2960" - }, - { - "name" : "21671", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21671" - }, - { - "name" : "ADV-2006-5083", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/5083" - }, - { - "name" : "23442", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23442" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in statistic.php in cwmCounter 5.1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-5083", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/5083" + }, + { + "name": "21671", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21671" + }, + { + "name": "2960", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2960" + }, + { + "name": "23442", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23442" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6990.json b/2006/6xxx/CVE-2006-6990.json index aa9cf9c29e1..1940d1bad59 100644 --- a/2006/6xxx/CVE-2006-6990.json +++ b/2006/6xxx/CVE-2006-6990.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6990", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-domain vulnerability in Enigma Browser 3.8.8 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6990", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2006/06/multiple-browsers-information.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2006/06/multiple-browsers-information.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-domain vulnerability in Enigma Browser 3.8.8 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://pridels0.blogspot.com/2006/06/multiple-browsers-information.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2006/06/multiple-browsers-information.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/7xxx/CVE-2006-7234.json b/2006/7xxx/CVE-2006-7234.json index 3b5a055bb4d..012e4d43f23 100644 --- a/2006/7xxx/CVE-2006-7234.json +++ b/2006/7xxx/CVE-2006-7234.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-7234", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in Lynx before 2.8.6rel.4 allows local users to execute arbitrary code via malicious (1) .mailcap and (2) mime.types files in the current working directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2006-7234", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=396949", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=396949" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=214205", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=214205" - }, - { - "name" : "[oss-security] 20081025 CVE request: lynx (old) .mailcap handling flaw", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/10/25/3" - }, - { - "name" : "MDVSA-2008:217", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:217" - }, - { - "name" : "RHSA-2008:0965", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0965.html" - }, - { - "name" : "SUSE-SR:2009:002", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html" - }, - { - "name" : "31917", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31917" - }, - { - "name" : "oval:org.mitre.oval:def:9719", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9719" - }, - { - "name" : "1021107", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021107" - }, - { - "name" : "32407", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32407" - }, - { - "name" : "32416", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32416" - }, - { - "name" : "33568", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33568" - }, - { - "name" : "lynx-mailcap-mimetype-code-execution(46132)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46132" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in Lynx before 2.8.6rel.4 allows local users to execute arbitrary code via malicious (1) .mailcap and (2) mime.types files in the current working directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20081025 CVE request: lynx (old) .mailcap handling flaw", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/10/25/3" + }, + { + "name": "31917", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31917" + }, + { + "name": "oval:org.mitre.oval:def:9719", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9719" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=214205", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=214205" + }, + { + "name": "RHSA-2008:0965", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0965.html" + }, + { + "name": "1021107", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021107" + }, + { + "name": "32407", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32407" + }, + { + "name": "SUSE-SR:2009:002", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html" + }, + { + "name": "33568", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33568" + }, + { + "name": "MDVSA-2008:217", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:217" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=396949", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=396949" + }, + { + "name": "lynx-mailcap-mimetype-code-execution(46132)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46132" + }, + { + "name": "32416", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32416" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0932.json b/2011/0xxx/CVE-2011-0932.json index 0870c83403b..f0ea96b73d4 100644 --- a/2011/0xxx/CVE-2011-0932.json +++ b/2011/0xxx/CVE-2011-0932.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0932", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0932", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2163.json b/2011/2xxx/CVE-2011-2163.json index ada81d316ab..d61a96a8b26 100644 --- a/2011/2xxx/CVE-2011-2163.json +++ b/2011/2xxx/CVE-2011-2163.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2163", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Virtualization Manager 1.2.2 in IBM Systems Director 1.2.2 has unknown impact and attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2163", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=nas7057acf6c8f05fa568625787e0059fb36", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=nas7057acf6c8f05fa568625787e0059fb36" - }, - { - "name" : "ADV-2011-1256", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/1256" - }, - { - "name" : "ibm-virtualization-code-execution(67516)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67516" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Virtualization Manager 1.2.2 in IBM Systems Director 1.2.2 has unknown impact and attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-virtualization-code-execution(67516)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67516" + }, + { + "name": "ADV-2011-1256", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/1256" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=nas7057acf6c8f05fa568625787e0059fb36", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=nas7057acf6c8f05fa568625787e0059fb36" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2630.json b/2011/2xxx/CVE-2011-2630.json index 9297d50bedb..946eff8bed1 100644 --- a/2011/2xxx/CVE-2011-2630.json +++ b/2011/2xxx/CVE-2011-2630.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2630", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Opera before 11.11 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted web page that is not properly handled during a reload occurring after the opening of a popup of the Easy Sticky Note extension." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2630", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.opera.com/docs/changelogs/mac/1111/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/mac/1111/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/unix/1111/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/unix/1111/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/windows/1111/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/windows/1111/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Opera before 11.11 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted web page that is not properly handled during a reload occurring after the opening of a popup of the Easy Sticky Note extension." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.opera.com/docs/changelogs/unix/1111/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/unix/1111/" + }, + { + "name": "http://www.opera.com/docs/changelogs/windows/1111/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/windows/1111/" + }, + { + "name": "http://www.opera.com/docs/changelogs/mac/1111/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/mac/1111/" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2703.json b/2011/2xxx/CVE-2011-2703.json index d5bcf29db84..bc3b67b7359 100644 --- a/2011/2xxx/CVE-2011-2703.json +++ b/2011/2xxx/CVE-2011-2703.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2703", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in MapServer before 4.10.7, 5.x before 5.6.7, and 6.x before 6.0.1 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) OGC filter encoding or (2) WMS time support." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-2703", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[mapserver-users] 20110713 MapServer 6.0.1, 5.6.7 and 4.10.7 releases with security fixes", - "refsource" : "MLIST", - "url" : "http://lists.osgeo.org/pipermail/mapserver-users/2011-July/069430.html" - }, - { - "name" : "[oss-security] 20110719 CVE Request -- MapServer -- SQL injections in OGC filter encoding and in WMS time support.", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/07/19/11" - }, - { - "name" : "[oss-security] 20110719 CVE Request -- MapServer -- Stack based buffer overflow [was: Re: Re: CVE Request -- MapServer -- SQL injections in OGC filter encoding and in WMS time support.]", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/07/19/14" - }, - { - "name" : "[oss-security] 20110720 Re: CVE Request -- MapServer -- Stack based buffer overflow [was: Re: Re: CVE Request -- MapServer -- SQL injections in OGC filter encoding and in WMS time support.]", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/07/20/15" - }, - { - "name" : "http://trac.osgeo.org/mapserver/ticket/3903", - "refsource" : "CONFIRM", - "url" : "http://trac.osgeo.org/mapserver/ticket/3903" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=722545", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=722545" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=723293", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=723293" - }, - { - "name" : "DSA-2285", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2285" - }, - { - "name" : "48720", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/48720" - }, - { - "name" : "45257", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45257" - }, - { - "name" : "45318", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45318" - }, - { - "name" : "45368", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45368" - }, - { - "name" : "mapserver-multiple-sql-injection(68682)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/68682" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in MapServer before 4.10.7, 5.x before 5.6.7, and 6.x before 6.0.1 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) OGC filter encoding or (2) WMS time support." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "45318", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45318" + }, + { + "name": "http://trac.osgeo.org/mapserver/ticket/3903", + "refsource": "CONFIRM", + "url": "http://trac.osgeo.org/mapserver/ticket/3903" + }, + { + "name": "[oss-security] 20110719 CVE Request -- MapServer -- SQL injections in OGC filter encoding and in WMS time support.", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/07/19/11" + }, + { + "name": "45257", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45257" + }, + { + "name": "DSA-2285", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2285" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=723293", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=723293" + }, + { + "name": "[oss-security] 20110719 CVE Request -- MapServer -- Stack based buffer overflow [was: Re: Re: CVE Request -- MapServer -- SQL injections in OGC filter encoding and in WMS time support.]", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/07/19/14" + }, + { + "name": "45368", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45368" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=722545", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=722545" + }, + { + "name": "[mapserver-users] 20110713 MapServer 6.0.1, 5.6.7 and 4.10.7 releases with security fixes", + "refsource": "MLIST", + "url": "http://lists.osgeo.org/pipermail/mapserver-users/2011-July/069430.html" + }, + { + "name": "mapserver-multiple-sql-injection(68682)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68682" + }, + { + "name": "48720", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/48720" + }, + { + "name": "[oss-security] 20110720 Re: CVE Request -- MapServer -- Stack based buffer overflow [was: Re: Re: CVE Request -- MapServer -- SQL injections in OGC filter encoding and in WMS time support.]", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/07/20/15" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2926.json b/2011/2xxx/CVE-2011-2926.json index c76007265ed..9787a340e1e 100644 --- a/2011/2xxx/CVE-2011-2926.json +++ b/2011/2xxx/CVE-2011-2926.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2926", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2926", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2969.json b/2011/2xxx/CVE-2011-2969.json index fcb1b11b806..a127c389e06 100644 --- a/2011/2xxx/CVE-2011-2969.json +++ b/2011/2xxx/CVE-2011-2969.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2969", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2011-2969", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3316.json b/2011/3xxx/CVE-2011-3316.json index 8f778b22a01..cc5647bc23f 100644 --- a/2011/3xxx/CVE-2011-3316.json +++ b/2011/3xxx/CVE-2011-3316.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3316", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3316", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3371.json b/2011/3xxx/CVE-2011-3371.json index 2382e830a4b..b414ed0f82c 100644 --- a/2011/3xxx/CVE-2011-3371.json +++ b/2011/3xxx/CVE-2011-3371.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3371", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in include/functions.php in PunBB before 1.3.6 allow remote attackers to inject arbitrary web script or HTML via the (1) id, (2) form_sent, (3) csrf_token, (4) req_confirm, or (5) delete parameter to delete.php, the (6) id, (7) form_sent, (8) csrf_token, (9) req_message, or (10) submit parameter to edit.php, the (11) action, (12) form_sent, (13) csrf_token, (14) req_email, or (15) request_pass parameter to login.php, the (16) email, (17) form_sent, (18) redirect_url, (19) csrf_token, (20) req_subject, (21) req_message, or (22) submit parameter to misc.php, the (23) action, (24) id, (25) form_sent, (26) csrf_token, (27) req_old_password, (28) req_new_password1, (29) req_new_password2, or (30) update parameter to profile.php, or the (31) action, (32) form_sent, (33) csrf_token, (34) req_username, (35) req_password1, (36) req_password2, (37) req_email1, (38) timezone, or (39) register parameter to register.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-3371", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110916 PunBB PHP Forum - Multiple XSS", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2011-09/0193.html" - }, - { - "name" : "20110918 Re: PunBB PHP Forum - Multiple XSS", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2011-09/0210.html" - }, - { - "name" : "20110922 Re: PunBB PHP Forum - Multiple XSS", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2011-09/0272.html" - }, - { - "name" : "[oss-security] 20110918 CVE request: PunBB multiple XSS issues", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/09/18/1" - }, - { - "name" : "[oss-security] 20110922 Re: CVE request: PunBB multiple XSS issues", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/09/22/3" - }, - { - "name" : "http://punbb.informer.com/forums/topic/24427/multiple-xss-vulnerabilities/", - "refsource" : "CONFIRM", - "url" : "http://punbb.informer.com/forums/topic/24427/multiple-xss-vulnerabilities/" - }, - { - "name" : "http://punbb.informer.com/forums/topic/24430/punbb-136/", - "refsource" : "CONFIRM", - "url" : "http://punbb.informer.com/forums/topic/24430/punbb-136/" - }, - { - "name" : "https://github.com/downloads/punbb/punbb/punbb-1.3.6.zip", - "refsource" : "CONFIRM", - "url" : "https://github.com/downloads/punbb/punbb/punbb-1.3.6.zip" - }, - { - "name" : "https://github.com/punbb/punbb/commit/dd50a50a2760f10bd2d09814e30af4b36052ca6d", - "refsource" : "CONFIRM", - "url" : "https://github.com/punbb/punbb/commit/dd50a50a2760f10bd2d09814e30af4b36052ca6d" - }, - { - "name" : "1026073", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1026073" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in include/functions.php in PunBB before 1.3.6 allow remote attackers to inject arbitrary web script or HTML via the (1) id, (2) form_sent, (3) csrf_token, (4) req_confirm, or (5) delete parameter to delete.php, the (6) id, (7) form_sent, (8) csrf_token, (9) req_message, or (10) submit parameter to edit.php, the (11) action, (12) form_sent, (13) csrf_token, (14) req_email, or (15) request_pass parameter to login.php, the (16) email, (17) form_sent, (18) redirect_url, (19) csrf_token, (20) req_subject, (21) req_message, or (22) submit parameter to misc.php, the (23) action, (24) id, (25) form_sent, (26) csrf_token, (27) req_old_password, (28) req_new_password1, (29) req_new_password2, or (30) update parameter to profile.php, or the (31) action, (32) form_sent, (33) csrf_token, (34) req_username, (35) req_password1, (36) req_password2, (37) req_email1, (38) timezone, or (39) register parameter to register.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20110916 PunBB PHP Forum - Multiple XSS", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-09/0193.html" + }, + { + "name": "https://github.com/downloads/punbb/punbb/punbb-1.3.6.zip", + "refsource": "CONFIRM", + "url": "https://github.com/downloads/punbb/punbb/punbb-1.3.6.zip" + }, + { + "name": "20110918 Re: PunBB PHP Forum - Multiple XSS", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-09/0210.html" + }, + { + "name": "20110922 Re: PunBB PHP Forum - Multiple XSS", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-09/0272.html" + }, + { + "name": "1026073", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1026073" + }, + { + "name": "https://github.com/punbb/punbb/commit/dd50a50a2760f10bd2d09814e30af4b36052ca6d", + "refsource": "CONFIRM", + "url": "https://github.com/punbb/punbb/commit/dd50a50a2760f10bd2d09814e30af4b36052ca6d" + }, + { + "name": "[oss-security] 20110918 CVE request: PunBB multiple XSS issues", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/09/18/1" + }, + { + "name": "http://punbb.informer.com/forums/topic/24427/multiple-xss-vulnerabilities/", + "refsource": "CONFIRM", + "url": "http://punbb.informer.com/forums/topic/24427/multiple-xss-vulnerabilities/" + }, + { + "name": "http://punbb.informer.com/forums/topic/24430/punbb-136/", + "refsource": "CONFIRM", + "url": "http://punbb.informer.com/forums/topic/24430/punbb-136/" + }, + { + "name": "[oss-security] 20110922 Re: CVE request: PunBB multiple XSS issues", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/09/22/3" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3378.json b/2011/3xxx/CVE-2011-3378.json index 1759c43eb93..c1f2fe65b2c 100644 --- a/2011/3xxx/CVE-2011-3378.json +++ b/2011/3xxx/CVE-2011-3378.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3378", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "RPM 4.4.x through 4.9.x, probably before 4.9.1.2, allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via an rpm package with crafted headers and offsets that are not properly handled when a package is queried or installed, related to (1) the regionSwab function, (2) the headerLoad function, and (3) multiple functions in rpmio/rpmpgp.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-3378", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110927 rpm/librpm/rpm-python memory corruption pre-verification", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/09/27/3" - }, - { - "name" : "http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=11a7e5d95a8ca8c7d4eaff179094afd8bb74fc3f", - "refsource" : "CONFIRM", - "url" : "http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=11a7e5d95a8ca8c7d4eaff179094afd8bb74fc3f" - }, - { - "name" : "http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=a48f0e20cbe2ababc88b2fc52fb7a281d6fc1656", - "refsource" : "CONFIRM", - "url" : "http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=a48f0e20cbe2ababc88b2fc52fb7a281d6fc1656" - }, - { - "name" : "http://rpm.org/wiki/Releases/4.9.1.2#Security", - "refsource" : "CONFIRM", - "url" : "http://rpm.org/wiki/Releases/4.9.1.2#Security" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=741606", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=741606" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=741612", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=741612" - }, - { - "name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691", - "refsource" : "CONFIRM", - "url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691" - }, - { - "name" : "MDVSA-2011:143", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:143" - }, - { - "name" : "RHSA-2011:1349", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-1349.html" - }, - { - "name" : "SUSE-SU-2011:1140", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00002.html" - }, - { - "name" : "openSUSE-SU-2011:1203", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00000.html" - }, - { - "name" : "USN-1695-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1695-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "RPM 4.4.x through 4.9.x, probably before 4.9.1.2, allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via an rpm package with crafted headers and offsets that are not properly handled when a package is queried or installed, related to (1) the regionSwab function, (2) the headerLoad function, and (3) multiple functions in rpmio/rpmpgp.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=741612", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=741612" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=741606", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=741606" + }, + { + "name": "http://rpm.org/wiki/Releases/4.9.1.2#Security", + "refsource": "CONFIRM", + "url": "http://rpm.org/wiki/Releases/4.9.1.2#Security" + }, + { + "name": "MDVSA-2011:143", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:143" + }, + { + "name": "[oss-security] 20110927 rpm/librpm/rpm-python memory corruption pre-verification", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/09/27/3" + }, + { + "name": "RHSA-2011:1349", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-1349.html" + }, + { + "name": "SUSE-SU-2011:1140", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00002.html" + }, + { + "name": "openSUSE-SU-2011:1203", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00000.html" + }, + { + "name": "USN-1695-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1695-1" + }, + { + "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691", + "refsource": "CONFIRM", + "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691" + }, + { + "name": "http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=11a7e5d95a8ca8c7d4eaff179094afd8bb74fc3f", + "refsource": "CONFIRM", + "url": "http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=11a7e5d95a8ca8c7d4eaff179094afd8bb74fc3f" + }, + { + "name": "http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=a48f0e20cbe2ababc88b2fc52fb7a281d6fc1656", + "refsource": "CONFIRM", + "url": "http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=a48f0e20cbe2ababc88b2fc52fb7a281d6fc1656" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3718.json b/2011/3xxx/CVE-2011-3718.json index 440184ba365..7649c2769ee 100644 --- a/2011/3xxx/CVE-2011-3718.json +++ b/2011/3xxx/CVE-2011-3718.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3718", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CMS Made Simple (CMSMS) 1.9.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/TinyMCE/TinyMCE.module.php and certain other files. NOTE: this might overlap CVE-2007-5444." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3718", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/06/27/6" - }, - { - "name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", - "refsource" : "MISC", - "url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" - }, - { - "name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/cmsmadesimple-1.9.2", - "refsource" : "MISC", - "url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/cmsmadesimple-1.9.2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CMS Made Simple (CMSMS) 1.9.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/TinyMCE/TinyMCE.module.php and certain other files. NOTE: this might overlap CVE-2007-5444." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/cmsmadesimple-1.9.2", + "refsource": "MISC", + "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/cmsmadesimple-1.9.2" + }, + { + "name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6" + }, + { + "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", + "refsource": "MISC", + "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3757.json b/2011/3xxx/CVE-2011-3757.json index 5558b276bc3..d51d2769319 100644 --- a/2011/3xxx/CVE-2011-3757.json +++ b/2011/3xxx/CVE-2011-3757.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3757", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Moodle 2.0.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by webservice/xmlrpc/locallib.php and certain other files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3757", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/06/27/6" - }, - { - "name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", - "refsource" : "MISC", - "url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" - }, - { - "name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/moodle-2.0.1", - "refsource" : "MISC", - "url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/moodle-2.0.1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Moodle 2.0.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by webservice/xmlrpc/locallib.php and certain other files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6" + }, + { + "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", + "refsource": "MISC", + "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" + }, + { + "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/moodle-2.0.1", + "refsource": "MISC", + "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/moodle-2.0.1" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4120.json b/2011/4xxx/CVE-2011-4120.json index eb881bdcc08..e660cb7f00b 100644 --- a/2011/4xxx/CVE-2011-4120.json +++ b/2011/4xxx/CVE-2011-4120.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4120", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4120", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4373.json b/2011/4xxx/CVE-2011-4373.json index fd64fede334..9a733cd5539 100644 --- a/2011/4xxx/CVE-2011-4373.json +++ b/2011/4xxx/CVE-2011-4373.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4373", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4370 and CVE-2011-4372." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2011-4373", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb12-01.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb12-01.html" - }, - { - "name" : "51350", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51350" - }, - { - "name" : "oval:org.mitre.oval:def:14615", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14615" - }, - { - "name" : "1026496", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026496" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4370 and CVE-2011-4372." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "51350", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51350" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb12-01.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb12-01.html" + }, + { + "name": "oval:org.mitre.oval:def:14615", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14615" + }, + { + "name": "1026496", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026496" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4649.json b/2011/4xxx/CVE-2011-4649.json index 6dd6f6e3b7b..113292ec336 100644 --- a/2011/4xxx/CVE-2011-4649.json +++ b/2011/4xxx/CVE-2011-4649.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4649", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4649", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4697.json b/2011/4xxx/CVE-2011-4697.json index 76cd5360584..ebdbcaf5ff9 100644 --- a/2011/4xxx/CVE-2011-4697.json +++ b/2011/4xxx/CVE-2011-4697.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4697", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Xiaomi MiTalk Messenger (com.xiaomi.channel) application before 2.1.320 for Android does not properly protect data, which allows remote attackers to read or modify messaging information via a crafted application." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4697", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2011-4697-vulnerability-in-MiTalk.html", - "refsource" : "MISC", - "url" : "http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2011-4697-vulnerability-in-MiTalk.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Xiaomi MiTalk Messenger (com.xiaomi.channel) application before 2.1.320 for Android does not properly protect data, which allows remote attackers to read or modify messaging information via a crafted application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2011-4697-vulnerability-in-MiTalk.html", + "refsource": "MISC", + "url": "http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2011-4697-vulnerability-in-MiTalk.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1182.json b/2013/1xxx/CVE-2013-1182.json index 49c4d445d74..e3f84852f6a 100644 --- a/2013/1xxx/CVE-2013-1182.json +++ b/2013/1xxx/CVE-2013-1182.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1182", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The login page in the Web Console in the Manager component in Cisco Unified Computing System (UCS) before 1.0(2h), 1.1 before 1.1(1j), and 1.3(x) allows remote attackers to bypass LDAP authentication via a malformed request, aka Bug ID CSCtc91207." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2013-1182", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130424 Multiple Vulnerabilities in Cisco Unified Computing System", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130424-ucsmulti" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The login page in the Web Console in the Manager component in Cisco Unified Computing System (UCS) before 1.0(2h), 1.1 before 1.1(1j), and 1.3(x) allows remote attackers to bypass LDAP authentication via a malformed request, aka Bug ID CSCtc91207." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20130424 Multiple Vulnerabilities in Cisco Unified Computing System", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130424-ucsmulti" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1846.json b/2013/1xxx/CVE-2013-1846.json index 2925285a6c1..247d9bd2381 100644 --- a/2013/1xxx/CVE-2013-1846.json +++ b/2013/1xxx/CVE-2013-1846.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1846", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-1846", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[subversion-announce] 20130404 Apache Subversion 1.7.9 released", - "refsource" : "MLIST", - "url" : "http://mail-archives.apache.org/mod_mbox/subversion-announce/201304.mbox/%3CCADkdwvRoyVrZV12tgC0FMGrc6%2BMisd3qTcZ%2BDdpFGgTahkgAkQ%40mail.gmail.com%3E" - }, - { - "name" : "[subversion-announce] 20130404 Subversion 1.6.21 released", - "refsource" : "MLIST", - "url" : "http://mail-archives.apache.org/mod_mbox/subversion-announce/201304.mbox/%3CCADkdwvSTMLbn4q_KM3Ph2UOeSiPGhEK4%3DSvwEjaHW_GUGkYWPQ%40mail.gmail.com%3E" - }, - { - "name" : "http://subversion.apache.org/security/CVE-2013-1846-advisory.txt", - "refsource" : "CONFIRM", - "url" : "http://subversion.apache.org/security/CVE-2013-1846-advisory.txt" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=929087", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=929087" - }, - { - "name" : "MDVSA-2013:153", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:153" - }, - { - "name" : "RHSA-2013:0737", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0737.html" - }, - { - "name" : "openSUSE-SU-2013:0687", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-04/msg00095.html" - }, - { - "name" : "openSUSE-SU-2013:0932", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-06/msg00069.html" - }, - { - "name" : "USN-1893-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1893-1" - }, - { - "name" : "oval:org.mitre.oval:def:18087", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18087" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2013:0687", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00095.html" + }, + { + "name": "RHSA-2013:0737", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0737.html" + }, + { + "name": "[subversion-announce] 20130404 Subversion 1.6.21 released", + "refsource": "MLIST", + "url": "http://mail-archives.apache.org/mod_mbox/subversion-announce/201304.mbox/%3CCADkdwvSTMLbn4q_KM3Ph2UOeSiPGhEK4%3DSvwEjaHW_GUGkYWPQ%40mail.gmail.com%3E" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=929087", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=929087" + }, + { + "name": "[subversion-announce] 20130404 Apache Subversion 1.7.9 released", + "refsource": "MLIST", + "url": "http://mail-archives.apache.org/mod_mbox/subversion-announce/201304.mbox/%3CCADkdwvRoyVrZV12tgC0FMGrc6%2BMisd3qTcZ%2BDdpFGgTahkgAkQ%40mail.gmail.com%3E" + }, + { + "name": "USN-1893-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1893-1" + }, + { + "name": "oval:org.mitre.oval:def:18087", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18087" + }, + { + "name": "openSUSE-SU-2013:0932", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00069.html" + }, + { + "name": "http://subversion.apache.org/security/CVE-2013-1846-advisory.txt", + "refsource": "CONFIRM", + "url": "http://subversion.apache.org/security/CVE-2013-1846-advisory.txt" + }, + { + "name": "MDVSA-2013:153", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:153" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5240.json b/2013/5xxx/CVE-2013-5240.json index 0f2fffef891..ce5409f078d 100644 --- a/2013/5xxx/CVE-2013-5240.json +++ b/2013/5xxx/CVE-2013-5240.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5240", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5240", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5520.json b/2013/5xxx/CVE-2013-5520.json index b8431fd17c4..ec010aa42e0 100644 --- a/2013/5xxx/CVE-2013-5520.json +++ b/2013/5xxx/CVE-2013-5520.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5520", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5520", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5818.json b/2013/5xxx/CVE-2013-5818.json index c8f8dc85d98..5321111e7de 100644 --- a/2013/5xxx/CVE-2013-5818.json +++ b/2013/5xxx/CVE-2013-5818.json @@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5818", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5819 and CVE-2013-5831." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-5818", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html" - }, - { - "name" : "http://support.apple.com/kb/HT5982", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5982" - }, - { - "name" : "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-025/index.html", - "refsource" : "CONFIRM", - "url" : "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-025/index.html" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21655201", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21655201" - }, - { - "name" : "APPLE-SA-2013-10-15-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2013/Oct/msg00001.html" - }, - { - "name" : "HPSBUX02943", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=138674031212883&w=2" - }, - { - "name" : "HPSBUX02944", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=138674073720143&w=2" - }, - { - "name" : "RHSA-2013:1440", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1440.html" - }, - { - "name" : "RHSA-2013:1507", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1507.html" - }, - { - "name" : "RHSA-2013:1508", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1508.html" - }, - { - "name" : "RHSA-2013:1793", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1793.html" - }, - { - "name" : "RHSA-2014:0414", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2014:0414" - }, - { - "name" : "SUSE-SU-2013:1677", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00013.html" - }, - { - "name" : "63157", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/63157" - }, - { - "name" : "oval:org.mitre.oval:def:18761", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18761" - }, - { - "name" : "56338", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56338" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5819 and CVE-2013-5831." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2014:0414", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2014:0414" + }, + { + "name": "RHSA-2013:1440", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1440.html" + }, + { + "name": "63157", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/63157" + }, + { + "name": "RHSA-2013:1508", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1508.html" + }, + { + "name": "SUSE-SU-2013:1677", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00013.html" + }, + { + "name": "HPSBUX02944", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=138674073720143&w=2" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21655201", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21655201" + }, + { + "name": "HPSBUX02943", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=138674031212883&w=2" + }, + { + "name": "RHSA-2013:1793", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1793.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html" + }, + { + "name": "APPLE-SA-2013-10-15-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00001.html" + }, + { + "name": "RHSA-2013:1507", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1507.html" + }, + { + "name": "http://support.apple.com/kb/HT5982", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5982" + }, + { + "name": "56338", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56338" + }, + { + "name": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-025/index.html", + "refsource": "CONFIRM", + "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-025/index.html" + }, + { + "name": "oval:org.mitre.oval:def:18761", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18761" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5973.json b/2013/5xxx/CVE-2013-5973.json index 76eaaead21e..b3054a4d434 100644 --- a/2013/5xxx/CVE-2013-5973.json +++ b/2013/5xxx/CVE-2013-5973.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5973", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "VMware ESXi 4.0 through 5.5 and ESX 4.0 and 4.1 allow local users to read or modify arbitrary files by leveraging the Virtual Machine Power User or Resource Pool Administrator role for a vCenter Server Add Existing Disk action with a (1) -flat, (2) -rdm, or (3) -rdmp filename." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5973", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20131223 NEW VMSA-2013-0016 VMware ESXi and ESX unauthorized file access through vCenter Server and ESX", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/530482/100/0/threaded" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2013-0016.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2013-0016.html" - }, - { - "name" : "JVN#13154935", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN13154935/index.html" - }, - { - "name" : "JVNDB-2013-000123", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000123.html" - }, - { - "name" : "64491", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64491" - }, - { - "name" : "101387", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/101387" - }, - { - "name" : "1029529", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029529" - }, - { - "name" : "vmware-esx-esxi-cve20135973-sec-bypass(89938)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/89938" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "VMware ESXi 4.0 through 5.5 and ESX 4.0 and 4.1 allow local users to read or modify arbitrary files by leveraging the Virtual Machine Power User or Resource Pool Administrator role for a vCenter Server Add Existing Disk action with a (1) -flat, (2) -rdm, or (3) -rdmp filename." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "vmware-esx-esxi-cve20135973-sec-bypass(89938)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89938" + }, + { + "name": "20131223 NEW VMSA-2013-0016 VMware ESXi and ESX unauthorized file access through vCenter Server and ESX", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/530482/100/0/threaded" + }, + { + "name": "101387", + "refsource": "OSVDB", + "url": "http://osvdb.org/101387" + }, + { + "name": "JVN#13154935", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN13154935/index.html" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2013-0016.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2013-0016.html" + }, + { + "name": "JVNDB-2013-000123", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000123.html" + }, + { + "name": "64491", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64491" + }, + { + "name": "1029529", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029529" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2125.json b/2014/2xxx/CVE-2014-2125.json index fea2d7269d5..179522f2e19 100644 --- a/2014/2xxx/CVE-2014-2125.json +++ b/2014/2xxx/CVE-2014-2125.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2125", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Web Inbox in Cisco Unity Connection 8.6(2a)SU3 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCui33028." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-2125", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=33603", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=33603" - }, - { - "name" : "20140401 Cisco Unity Connection Cross-Site Scripting Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2125" - }, - { - "name" : "1029988", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029988" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Web Inbox in Cisco Unity Connection 8.6(2a)SU3 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCui33028." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1029988", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029988" + }, + { + "name": "20140401 Cisco Unity Connection Cross-Site Scripting Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2125" + }, + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=33603", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=33603" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2284.json b/2014/2xxx/CVE-2014-2284.json index 9b31c9736d4..70b0106d22e 100644 --- a/2014/2xxx/CVE-2014-2284.json +++ b/2014/2xxx/CVE-2014-2284.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2284", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Linux implementation of the ICMP-MIB in Net-SNMP 5.5 before 5.5.2.1, 5.6.x before 5.6.2.1, and 5.7.x before 5.7.2.1 does not properly validate input, which allows remote attackers to cause a denial of service via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2284", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[net-snmp-announce] 20140225 Multiple Security-fix Net-SNMP Releases: 5.5.2.1, 5.6.2.1, and 5.7.2.1", - "refsource" : "MLIST", - "url" : "http://sourceforge.net/p/net-snmp/code/ci/a1fd64716f6794c55c34d77e618210238a73bfa1/" - }, - { - "name" : "[oss-security] 20140305 CVE request for two net-snmp remote DoS flaws", - "refsource" : "MLIST", - "url" : "http://comments.gmane.org/gmane.comp.security.oss.general/12284" - }, - { - "name" : "GLSA-201409-02", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-201409-02.xml" - }, - { - "name" : "RHSA-2014:0321", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0321.html" - }, - { - "name" : "openSUSE-SU-2014:0398", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-03/msg00060.html" - }, - { - "name" : "openSUSE-SU-2014:0399", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-03/msg00061.html" - }, - { - "name" : "USN-2166-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2166-1" - }, - { - "name" : "57526", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57526" - }, - { - "name" : "57583", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57583" - }, - { - "name" : "57870", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57870" - }, - { - "name" : "57124", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57124" - }, - { - "name" : "59974", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59974" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Linux implementation of the ICMP-MIB in Net-SNMP 5.5 before 5.5.2.1, 5.6.x before 5.6.2.1, and 5.7.x before 5.7.2.1 does not properly validate input, which allows remote attackers to cause a denial of service via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2014:0398", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00060.html" + }, + { + "name": "openSUSE-SU-2014:0399", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00061.html" + }, + { + "name": "57583", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57583" + }, + { + "name": "57124", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57124" + }, + { + "name": "USN-2166-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2166-1" + }, + { + "name": "59974", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59974" + }, + { + "name": "RHSA-2014:0321", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0321.html" + }, + { + "name": "[net-snmp-announce] 20140225 Multiple Security-fix Net-SNMP Releases: 5.5.2.1, 5.6.2.1, and 5.7.2.1", + "refsource": "MLIST", + "url": "http://sourceforge.net/p/net-snmp/code/ci/a1fd64716f6794c55c34d77e618210238a73bfa1/" + }, + { + "name": "57870", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57870" + }, + { + "name": "57526", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57526" + }, + { + "name": "GLSA-201409-02", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-201409-02.xml" + }, + { + "name": "[oss-security] 20140305 CVE request for two net-snmp remote DoS flaws", + "refsource": "MLIST", + "url": "http://comments.gmane.org/gmane.comp.security.oss.general/12284" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2361.json b/2014/2xxx/CVE-2014-2361.json index 9aceaa5b939..b51dae7f14a 100644 --- a/2014/2xxx/CVE-2014-2361.json +++ b/2014/2xxx/CVE-2014-2361.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2361", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules, when BreeZ is used, do not require authentication for reading the site security key, which allows physically proximate attackers to spoof communication by obtaining this key after use of direct hardware access or manual-setup mode." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2014-2361", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-202-01", - "refsource" : "MISC", - "url" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-202-01" - }, - { - "name" : "68795", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68795" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules, when BreeZ is used, do not require authentication for reading the site security key, which allows physically proximate attackers to spoof communication by obtaining this key after use of direct hardware access or manual-setup mode." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-202-01", + "refsource": "MISC", + "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-202-01" + }, + { + "name": "68795", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68795" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2655.json b/2014/2xxx/CVE-2014-2655.json index e9446623b19..84e93f33601 100644 --- a/2014/2xxx/CVE-2014-2655.json +++ b/2014/2xxx/CVE-2014-2655.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2655", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the gen_show_status function in functions.inc.php in Postfix Admin (aka postfixadmin) before 2.3.7 allows remote authenticated users to execute arbitrary SQL commands via a new alias." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2655", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140326 CVE request: postfixadmin SQL injection vulnerability", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/03/26/6" - }, - { - "name" : "[oss-security] 20140326 Re: CVE request: postfixadmin SQL injection vulnerability", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/03/26/11" - }, - { - "name" : "http://sourceforge.net/p/postfixadmin/code/1650", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/p/postfixadmin/code/1650" - }, - { - "name" : "DSA-2889", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2889" - }, - { - "name" : "openSUSE-SU-2014:0715", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-05/msg00075.html" - }, - { - "name" : "66455", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/66455" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the gen_show_status function in functions.inc.php in Postfix Admin (aka postfixadmin) before 2.3.7 allows remote authenticated users to execute arbitrary SQL commands via a new alias." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://sourceforge.net/p/postfixadmin/code/1650", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/p/postfixadmin/code/1650" + }, + { + "name": "DSA-2889", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2889" + }, + { + "name": "openSUSE-SU-2014:0715", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00075.html" + }, + { + "name": "66455", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/66455" + }, + { + "name": "[oss-security] 20140326 Re: CVE request: postfixadmin SQL injection vulnerability", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/03/26/11" + }, + { + "name": "[oss-security] 20140326 CVE request: postfixadmin SQL injection vulnerability", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/03/26/6" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2972.json b/2014/2xxx/CVE-2014-2972.json index b5de66eb298..c925ccc073a 100644 --- a/2014/2xxx/CVE-2014-2972.json +++ b/2014/2xxx/CVE-2014-2972.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2972", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "expand.c in Exim before 4.83 expands mathematical comparisons twice, which allows local users to gain privileges and execute arbitrary commands via a crafted lookup value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-2972", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[exim] 20140722 [exim] Exim 4.83 Released", - "refsource" : "MLIST", - "url" : "https://lists.exim.org/lurker/message/20140722.145949.42c043f5.en.html" - }, - { - "name" : "[exim] 20140722 [exim] Exim Security Advisory CVE-2014-2972", - "refsource" : "MLIST", - "url" : "https://lists.exim.org/lurker/message/20140722.152452.d6c019e8.en.html" - }, - { - "name" : "http://git.exim.org/exim.git/commitdiff/7685ce68148a083d7759e78d01aa5198fc099c44", - "refsource" : "CONFIRM", - "url" : "http://git.exim.org/exim.git/commitdiff/7685ce68148a083d7759e78d01aa5198fc099c44" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1122552", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1122552" - }, - { - "name" : "FEDORA-2014-8803", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136251.html" - }, - { - "name" : "FEDORA-2014-8865", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136264.html" - }, - { - "name" : "GLSA-201607-12", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201607-12" - }, - { - "name" : "USN-2933-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2933-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "expand.c in Exim before 4.83 expands mathematical comparisons twice, which allows local users to gain privileges and execute arbitrary commands via a crafted lookup value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2014-8865", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136264.html" + }, + { + "name": "http://git.exim.org/exim.git/commitdiff/7685ce68148a083d7759e78d01aa5198fc099c44", + "refsource": "CONFIRM", + "url": "http://git.exim.org/exim.git/commitdiff/7685ce68148a083d7759e78d01aa5198fc099c44" + }, + { + "name": "FEDORA-2014-8803", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136251.html" + }, + { + "name": "[exim] 20140722 [exim] Exim 4.83 Released", + "refsource": "MLIST", + "url": "https://lists.exim.org/lurker/message/20140722.145949.42c043f5.en.html" + }, + { + "name": "[exim] 20140722 [exim] Exim Security Advisory CVE-2014-2972", + "refsource": "MLIST", + "url": "https://lists.exim.org/lurker/message/20140722.152452.d6c019e8.en.html" + }, + { + "name": "GLSA-201607-12", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201607-12" + }, + { + "name": "USN-2933-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2933-1" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1122552", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1122552" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2976.json b/2014/2xxx/CVE-2014-2976.json index ed00a4fa2d5..c61d760983d 100644 --- a/2014/2xxx/CVE-2014-2976.json +++ b/2014/2xxx/CVE-2014-2976.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2976", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Sixnet SixView Manager 2.4.1 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request to TCP port 18081." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2976", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "32973", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/32973" - }, - { - "name" : "58231", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/58231" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Sixnet SixView Manager 2.4.1 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request to TCP port 18081." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32973", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/32973" + }, + { + "name": "58231", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/58231" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6882.json b/2014/6xxx/CVE-2014-6882.json index 003e01e1649..2660d1b3962 100644 --- a/2014/6xxx/CVE-2014-6882.json +++ b/2014/6xxx/CVE-2014-6882.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6882", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Western Federal Credit Union (aka com.kerrata.pulse.western) application 2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6882", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#249417", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/249417" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Western Federal Credit Union (aka com.kerrata.pulse.western) application 2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#249417", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/249417" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0137.json b/2017/0xxx/CVE-2017-0137.json index 1c50cf4b561..5e92443377c 100644 --- a/2017/0xxx/CVE-2017-0137.json +++ b/2017/0xxx/CVE-2017-0137.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-0137", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Browser", - "version" : { - "version_data" : [ - { - "version_value" : "Browser" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0138, CVE-2017-0141, CVE-2017-0150, and CVE-2017-0151." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-0137", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Browser", + "version": { + "version_data": [ + { + "version_value": "Browser" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0137", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0137" - }, - { - "name" : "96689", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96689" - }, - { - "name" : "1038006", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038006" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0138, CVE-2017-0141, CVE-2017-0150, and CVE-2017-0151." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96689", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96689" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0137", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0137" + }, + { + "name": "1038006", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038006" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0138.json b/2017/0xxx/CVE-2017-0138.json index a80be6f6dea..780f5b56a2c 100644 --- a/2017/0xxx/CVE-2017-0138.json +++ b/2017/0xxx/CVE-2017-0138.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-0138", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Browser", - "version" : { - "version_data" : [ - { - "version_value" : "Browser" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0137, CVE-2017-0141, CVE-2017-0150, and CVE-2017-0151." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-0138", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Browser", + "version": { + "version_data": [ + { + "version_value": "Browser" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0138", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0138" - }, - { - "name" : "96684", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96684" - }, - { - "name" : "1038006", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038006" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0137, CVE-2017-0141, CVE-2017-0150, and CVE-2017-0151." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0138", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0138" + }, + { + "name": "1038006", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038006" + }, + { + "name": "96684", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96684" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0153.json b/2017/0xxx/CVE-2017-0153.json index 39235e179ce..9b159eaa0e9 100644 --- a/2017/0xxx/CVE-2017-0153.json +++ b/2017/0xxx/CVE-2017-0153.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-0153", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-0153", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0442.json b/2017/0xxx/CVE-2017-0442.json index b4ed93bbc1f..9bda362be15 100644 --- a/2017/0xxx/CVE-2017-0442.json +++ b/2017/0xxx/CVE-2017-0442.json @@ -1,75 +1,75 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-0442", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Kernel-3.10" - }, - { - "version_value" : "Kernel-3.18" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32871330. References: QC-CR#1092497." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2017-0442", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Kernel-3.10" + }, + { + "version_value": "Kernel-3.18" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-02-01.html", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-02-01.html" - }, - { - "name" : "96047", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96047" - }, - { - "name" : "1037798", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037798" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32871330. References: QC-CR#1092497." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96047", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96047" + }, + { + "name": "1037798", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037798" + }, + { + "name": "https://source.android.com/security/bulletin/2017-02-01.html", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-02-01.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0744.json b/2017/0xxx/CVE-2017-0744.json index f3ed333bbab..ff904625e47 100644 --- a/2017/0xxx/CVE-2017-0744.json +++ b/2017/0xxx/CVE-2017-0744.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2017-08-07T00:00:00", - "ID" : "CVE-2017-0744", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in the NVIDIA firmware processing code. Product: Android. Versions: Android kernel. Android ID: A-34112726. References: N-CVE-2017-0744." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2017-08-07T00:00:00", + "ID": "CVE-2017-0744", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-08-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-08-01" - }, - { - "name" : "100210", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100210" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in the NVIDIA firmware processing code. Product: Android. Versions: Android kernel. Android ID: A-34112726. References: N-CVE-2017-0744." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-08-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-08-01" + }, + { + "name": "100210", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100210" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000103.json b/2017/1000xxx/CVE-2017-1000103.json index 1548183dd2f..18ef6b78cad 100644 --- a/2017/1000xxx/CVE-2017-1000103.json +++ b/2017/1000xxx/CVE-2017-1000103.json @@ -1,69 +1,69 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-08-22T17:29:33.318285", - "ID" : "CVE-2017-1000103", - "REQUESTER" : "ml@beckweb.net", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Jenkins DRY Plugin", - "version" : { - "version_data" : [ - { - "version_value" : "2.48 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Jenkins DRY Plugin" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The custom Details view of the Static Analysis Utilities based DRY Plugin, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to this plugin could insert arbitrary HTML into this view." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "XSS" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-08-22T17:29:33.318285", + "ID": "CVE-2017-1000103", + "REQUESTER": "ml@beckweb.net", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jenkins.io/security/advisory/2017-08-07/", - "refsource" : "CONFIRM", - "url" : "https://jenkins.io/security/advisory/2017-08-07/" - }, - { - "name" : "101061", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101061" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The custom Details view of the Static Analysis Utilities based DRY Plugin, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to this plugin could insert arbitrary HTML into this view." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2017-08-07/", + "refsource": "CONFIRM", + "url": "https://jenkins.io/security/advisory/2017-08-07/" + }, + { + "name": "101061", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101061" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000160.json b/2017/1000xxx/CVE-2017-1000160.json index 0c84654745e..24fd34f4f8f 100644 --- a/2017/1000xxx/CVE-2017-1000160.json +++ b/2017/1000xxx/CVE-2017-1000160.json @@ -1,64 +1,64 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-08-22T17:29:33.372590", - "ID" : "CVE-2017-1000160", - "REQUESTER" : "hbuchwald@ripstech.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "ExpressionEngine", - "version" : { - "version_data" : [ - { - "version_value" : "3.4.2 and older" - } - ] - } - } - ] - }, - "vendor_name" : "EllisLab" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "EllisLab ExpressionEngine 3.4.2 is vulnerable to cross-site scripting resulting in PHP code injection" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross Site Scripting (XSS)" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-08-22T17:29:33.372590", + "ID": "CVE-2017-1000160", + "REQUESTER": "hbuchwald@ripstech.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.expressionengine.com/latest/about/changelog.html#version-3-4-3", - "refsource" : "MISC", - "url" : "https://docs.expressionengine.com/latest/about/changelog.html#version-3-4-3" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "EllisLab ExpressionEngine 3.4.2 is vulnerable to cross-site scripting resulting in PHP code injection" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://docs.expressionengine.com/latest/about/changelog.html#version-3-4-3", + "refsource": "MISC", + "url": "https://docs.expressionengine.com/latest/about/changelog.html#version-3-4-3" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000372.json b/2017/1000xxx/CVE-2017-1000372.json index 1f9d650188c..f638de18060 100644 --- a/2017/1000xxx/CVE-2017-1000372.json +++ b/2017/1000xxx/CVE-2017-1000372.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "ID" : "CVE-2017-1000372", - "REQUESTER" : "qsa@qualys.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "OpenBSD", - "version" : { - "version_data" : [ - { - "version_value" : "6.1" - } - ] - } - } - ] - }, - "vendor_name" : "OpenBSD" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A flaw exists in OpenBSD's implementation of the stack guard page that allows attackers to bypass it resulting in arbitrary code execution using setuid binaries such as /usr/bin/at. This affects OpenBSD 6.1 and possibly earlier versions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "A specific CWE doesn't exist, listing as unknown for now" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1000372", + "REQUESTER": "qsa@qualys.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ftp.openbsd.org/pub/OpenBSD/patches/6.1/common/008_exec_subr.patch.sig", - "refsource" : "MISC", - "url" : "https://ftp.openbsd.org/pub/OpenBSD/patches/6.1/common/008_exec_subr.patch.sig" - }, - { - "name" : "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt", - "refsource" : "MISC", - "url" : "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt" - }, - { - "name" : "99172", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99172" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A flaw exists in OpenBSD's implementation of the stack guard page that allows attackers to bypass it resulting in arbitrary code execution using setuid binaries such as /usr/bin/at. This affects OpenBSD 6.1 and possibly earlier versions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt", + "refsource": "MISC", + "url": "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt" + }, + { + "name": "99172", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99172" + }, + { + "name": "https://ftp.openbsd.org/pub/OpenBSD/patches/6.1/common/008_exec_subr.patch.sig", + "refsource": "MISC", + "url": "https://ftp.openbsd.org/pub/OpenBSD/patches/6.1/common/008_exec_subr.patch.sig" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16514.json b/2017/16xxx/CVE-2017-16514.json index 3d2d616afce..5c586f9efd9 100644 --- a/2017/16xxx/CVE-2017-16514.json +++ b/2017/16xxx/CVE-2017-16514.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16514", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple persistent stored Cross-Site-Scripting (XSS) vulnerabilities in the files /wb/admin/admintools/tool.php (Droplet Description) and /install/index.php (Site Title) in WebsiteBaker 2.10.0 allow attackers to insert persistent JavaScript code that gets reflected back to users in multiple areas in the application." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16514", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://gist.github.com/anonymous/13df19c04c7e86c0f5256b91376d593a", - "refsource" : "MISC", - "url" : "https://gist.github.com/anonymous/13df19c04c7e86c0f5256b91376d593a" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple persistent stored Cross-Site-Scripting (XSS) vulnerabilities in the files /wb/admin/admintools/tool.php (Droplet Description) and /install/index.php (Site Title) in WebsiteBaker 2.10.0 allow attackers to insert persistent JavaScript code that gets reflected back to users in multiple areas in the application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gist.github.com/anonymous/13df19c04c7e86c0f5256b91376d593a", + "refsource": "MISC", + "url": "https://gist.github.com/anonymous/13df19c04c7e86c0f5256b91376d593a" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16953.json b/2017/16xxx/CVE-2017-16953.json index d8423ad2d9a..e31e45af9f3 100644 --- a/2017/16xxx/CVE-2017-16953.json +++ b/2017/16xxx/CVE-2017-16953.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16953", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "connoppp.cgi on ZTE ZXDSL 831CII devices does not require HTTP Basic Authentication, which allows remote attackers to modify the PPPoE configuration or set up a malicious configuration via a GET request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16953", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43188", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43188/" - }, - { - "name" : "http://packetstormsecurity.com/files/145121/ZTE-ZXDSL-831-Unauthorized-Configuration-Access-Bypass.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/145121/ZTE-ZXDSL-831-Unauthorized-Configuration-Access-Bypass.html" - }, - { - "name" : "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008762", - "refsource" : "CONFIRM", - "url" : "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008762" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "connoppp.cgi on ZTE ZXDSL 831CII devices does not require HTTP Basic Authentication, which allows remote attackers to modify the PPPoE configuration or set up a malicious configuration via a GET request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43188", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43188/" + }, + { + "name": "http://packetstormsecurity.com/files/145121/ZTE-ZXDSL-831-Unauthorized-Configuration-Access-Bypass.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/145121/ZTE-ZXDSL-831-Unauthorized-Configuration-Access-Bypass.html" + }, + { + "name": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008762", + "refsource": "CONFIRM", + "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008762" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1343.json b/2017/1xxx/CVE-2017-1343.json index cab3668f41b..385759c49ac 100644 --- a/2017/1xxx/CVE-2017-1343.json +++ b/2017/1xxx/CVE-2017-1343.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1343", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1343", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1378.json b/2017/1xxx/CVE-2017-1378.json index 92a77a15f50..9dc380c96e4 100644 --- a/2017/1xxx/CVE-2017-1378.json +++ b/2017/1xxx/CVE-2017-1378.json @@ -1,71 +1,71 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2017-10-02T00:00:00", - "ID" : "CVE-2017-1378", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Spectrum Protect for Virtual Environments", - "version" : { - "version_data" : [ - { - "version_value" : "7.1" - }, - { - "version_value" : "8.1" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) disclosed unencrypted login credentials to Vmware vCenter in the application trace output which could be obtained by a local user. IBM X-Force ID: 126875." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2017-10-02T00:00:00", + "ID": "CVE-2017-1378", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Spectrum Protect for Virtual Environments", + "version": { + "version_data": [ + { + "version_value": "7.1" + }, + { + "version_value": "8.1" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/126875", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/126875" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22006215", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22006215" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) disclosed unencrypted login credentials to Vmware vCenter in the application trace output which could be obtained by a local user. IBM X-Force ID: 126875." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126875", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126875" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22006215", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22006215" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1501.json b/2017/1xxx/CVE-2017-1501.json index 455e99b8f89..3aabccfe4bf 100644 --- a/2017/1xxx/CVE-2017-1501.json +++ b/2017/1xxx/CVE-2017-1501.json @@ -1,84 +1,84 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2017-08-15T00:00:00", - "ID" : "CVE-2017-1501", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "WebSphere Application Server", - "version" : { - "version_data" : [ - { - "version_value" : "8.0" - }, - { - "version_value" : "8.5" - }, - { - "version_value" : "9.0" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM WebSphere Application Server 8.0, 8.5, and 9.0 could provide weaker than expected security after using the Admin Console to update the web services security bindings settings. IBM X-Force ID: 129576." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2017-08-15T00:00:00", + "ID": "CVE-2017-1501", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebSphere Application Server", + "version": { + "version_data": [ + { + "version_value": "8.0" + }, + { + "version_value": "8.5" + }, + { + "version_value": "9.0" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/129576", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/129576" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22006810", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22006810" - }, - { - "name" : "100394", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100394" - }, - { - "name" : "1039199", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039199" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM WebSphere Application Server 8.0, 8.5, and 9.0 could provide weaker than expected security after using the Admin Console to update the web services security bindings settings. IBM X-Force ID: 129576." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129576", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129576" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22006810", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22006810" + }, + { + "name": "100394", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100394" + }, + { + "name": "1039199", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039199" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1526.json b/2017/1xxx/CVE-2017-1526.json index 1d786a35f0a..1e8c537a5f3 100644 --- a/2017/1xxx/CVE-2017-1526.json +++ b/2017/1xxx/CVE-2017-1526.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1526", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1526", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1799.json b/2017/1xxx/CVE-2017-1799.json index 6b0855e643e..650a1103524 100644 --- a/2017/1xxx/CVE-2017-1799.json +++ b/2017/1xxx/CVE-2017-1799.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1799", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1799", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1914.json b/2017/1xxx/CVE-2017-1914.json index e0a52f853d8..02ca147b003 100644 --- a/2017/1xxx/CVE-2017-1914.json +++ b/2017/1xxx/CVE-2017-1914.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1914", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-1914", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4463.json b/2017/4xxx/CVE-2017-4463.json index 3e384175b9c..c9072bbcd22 100644 --- a/2017/4xxx/CVE-2017-4463.json +++ b/2017/4xxx/CVE-2017-4463.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4463", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4463", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4477.json b/2017/4xxx/CVE-2017-4477.json index 6f95aac688f..d20aa37a069 100644 --- a/2017/4xxx/CVE-2017-4477.json +++ b/2017/4xxx/CVE-2017-4477.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4477", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4477", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4754.json b/2017/4xxx/CVE-2017-4754.json index 006f074dd33..0d4cc4a8f27 100644 --- a/2017/4xxx/CVE-2017-4754.json +++ b/2017/4xxx/CVE-2017-4754.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4754", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4754", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4829.json b/2017/4xxx/CVE-2017-4829.json index 83dab0cd4c1..ef6b8682d3f 100644 --- a/2017/4xxx/CVE-2017-4829.json +++ b/2017/4xxx/CVE-2017-4829.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4829", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4829", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file