From 84ed71eae40de29d9d611d4f89ffc77c65ed1f41 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Mon, 18 Mar 2019 06:48:10 +0000
Subject: [PATCH] "-Synchronized-Data."

---
 2001/1xxx/CVE-2001-1373.json | 150 +++----
 2001/1xxx/CVE-2001-1553.json | 120 +++---
 2006/2xxx/CVE-2006-2265.json | 160 ++++----
 2006/2xxx/CVE-2006-2313.json | 400 +++++++++---------
 2006/2xxx/CVE-2006-2708.json | 190 ++++-----
 2006/2xxx/CVE-2006-2787.json | 640 ++++++++++++++---------------
 2006/2xxx/CVE-2006-2985.json | 150 +++----
 2006/3xxx/CVE-2006-3110.json | 140 +++----
 2006/6xxx/CVE-2006-6043.json | 150 +++----
 2006/6xxx/CVE-2006-6090.json | 190 ++++-----
 2006/6xxx/CVE-2006-6201.json | 170 ++++----
 2006/6xxx/CVE-2006-6744.json | 120 +++---
 2006/6xxx/CVE-2006-6821.json | 150 +++----
 2006/7xxx/CVE-2006-7069.json | 160 ++++----
 2006/7xxx/CVE-2006-7108.json | 220 +++++-----
 2011/0xxx/CVE-2011-0199.json | 140 +++----
 2011/0xxx/CVE-2011-0714.json | 150 +++----
 2011/0xxx/CVE-2011-0911.json | 120 +++---
 2011/0xxx/CVE-2011-0924.json | 180 ++++----
 2011/3xxx/CVE-2011-3029.json | 34 +-
 2011/3xxx/CVE-2011-3080.json | 190 ++++-----
 2011/3xxx/CVE-2011-3535.json | 150 +++----
 2011/3xxx/CVE-2011-3621.json | 34 +-
 2011/3xxx/CVE-2011-3730.json | 140 +++----
 2011/3xxx/CVE-2011-3955.json | 140 +++----
 2011/4xxx/CVE-2011-4349.json | 230 +++++------
 2011/4xxx/CVE-2011-4352.json | 240 +++++------
 2011/4xxx/CVE-2011-4422.json | 34 +-
 2011/4xxx/CVE-2011-4465.json | 140 +++----
 2011/4xxx/CVE-2011-4944.json | 300 +++++++-------
 2013/1xxx/CVE-2013-1077.json | 34 +-
 2013/1xxx/CVE-2013-1084.json | 140 +++----
 2013/1xxx/CVE-2013-1660.json | 34 +-
 2013/5xxx/CVE-2013-5064.json | 34 +-
 2013/5xxx/CVE-2013-5271.json | 34 +-
 2013/5xxx/CVE-2013-5415.json | 130 +++---
 2013/5xxx/CVE-2013-5597.json | 220 +++++-----
 2013/5xxx/CVE-2013-5758.json | 160 ++++----
 2014/2xxx/CVE-2014-2366.json | 120 +++---
 2014/2xxx/CVE-2014-2368.json | 120 +++---
 2014/2xxx/CVE-2014-2839.json | 140 +++----
 2014/2xxx/CVE-2014-2863.json | 120 +++---
 2014/2xxx/CVE-2014-2876.json | 34 +-
 2014/2xxx/CVE-2014-2975.json | 130 +++---
 2014/6xxx/CVE-2014-6342.json | 140 +++----
 2014/6xxx/CVE-2014-6596.json | 130 +++---
 2014/6xxx/CVE-2014-6771.json | 140 +++----
 2017/0xxx/CVE-2017-0288.json | 140 +++----
 2017/0xxx/CVE-2017-0407.json | 158 +++----
 2017/0xxx/CVE-2017-0812.json | 160 ++++----
 2017/1000xxx/CVE-2017-1000153.json | 124 +++---
 2017/1000xxx/CVE-2017-1000377.json | 142 +++----
 2017/18xxx/CVE-2017-18220.json | 170 ++++----
 2017/1xxx/CVE-2017-1067.json | 34 +-
 2017/1xxx/CVE-2017-1680.json | 34 +-
 2017/1xxx/CVE-2017-1980.json | 34 +-
 2017/4xxx/CVE-2017-4161.json | 34 +-
 2017/4xxx/CVE-2017-4765.json | 34 +-
 2017/4xxx/CVE-2017-4851.json | 34 +-
 2017/4xxx/CVE-2017-4901.json | 160 ++++----
 2017/5xxx/CVE-2017-5263.json | 120 +++---
 2017/5xxx/CVE-2017-5307.json | 34 +-
 62 files changed, 4302 insertions(+), 4302 deletions(-)

diff --git a/2001/1xxx/CVE-2001-1373.json b/2001/1xxx/CVE-2001-1373.json
index 6e620e0502c..436af2b3dfc 100644
--- a/2001/1xxx/CVE-2001-1373.json
+++ b/2001/1xxx/CVE-2001-1373.json
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1373", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MailSafe in Zone Labs ZoneAlarm 2.6 and earlier and ZoneAlarm Pro 2.6 and 2.4 does not block prohibited file types with long file names, which allows remote attackers to send potentially dangerous attachments." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1373", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010718 ZoneAlarm Pro", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/197681" - }, - { - "name" : "http://www.zonelabs.com/products/zap/rel_history.html#2.6.362", - "refsource" : "CONFIRM", - "url" : "http://www.zonelabs.com/products/zap/rel_history.html#2.6.362" - }, - { - "name" : "zonealarm-bypass-mailsafe(6877)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6877" - }, - { - "name" : "3055", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3055" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"MailSafe in Zone Labs ZoneAlarm 2.6 and earlier and ZoneAlarm Pro 2.6 and 2.4 does not block prohibited file types with long file names, which allows remote attackers to send potentially dangerous attachments." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.zonelabs.com/products/zap/rel_history.html#2.6.362", + "refsource": "CONFIRM", + "url": "http://www.zonelabs.com/products/zap/rel_history.html#2.6.362" + }, + { + "name": "zonealarm-bypass-mailsafe(6877)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6877" + }, + { + "name": "20010718 ZoneAlarm Pro", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/197681" + }, + { + "name": "3055", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3055" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1553.json b/2001/1xxx/CVE-2001-1553.json index 64830687eb5..8e7af803ed5 100644 --- a/2001/1xxx/CVE-2001-1553.json +++ b/2001/1xxx/CVE-2001-1553.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1553", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in setiathome for SETI@home 3.03, if installed setuid, could allow local users to execute arbitrary code via long command line options (1) socks_server, (2) socks_user, and (3) socks_passwd. NOTE: since the default configuration of setiathome is not setuid, perhaps this issue should not be included in CVE." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1553", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20011202 Vulnerability in SETI@home", - "refsource" : "VULN-DEV", - "url" : "http://archives.neohapsis.com/archives/vuln-dev/2001-q4/0662.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in setiathome for SETI@home 3.03, if installed setuid, could allow local users to execute arbitrary code via long command line options (1) socks_server, (2) socks_user, and (3) socks_passwd. 
NOTE: since the default configuration of setiathome is not setuid, perhaps this issue should not be included in CVE." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20011202 Vulnerability in SETI@home", + "refsource": "VULN-DEV", + "url": "http://archives.neohapsis.com/archives/vuln-dev/2001-q4/0662.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2265.json b/2006/2xxx/CVE-2006-2265.json index 26242512e60..6aded704edc 100644 --- a/2006/2xxx/CVE-2006-2265.json +++ b/2006/2xxx/CVE-2006-2265.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2265", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting vulnerability in admin/main.asp in Ocean12 Calendar Manager Pro 1.00 allows remote attackers to inject arbitrary web script or HTML via the date parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2265", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "17877", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17877" - }, - { - "name" : "ADV-2006-1705", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1705" - }, - { - "name" : "25347", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25347" - }, - { - "name" : "20036", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20036" - }, - { - "name" : "calendarmanagerpro-main-xss(26335)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26335" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting vulnerability in admin/main.asp in Ocean12 Calendar Manager Pro 1.00 allows remote attackers to inject arbitrary web script or HTML via the date parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-1705", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1705" + }, + { + "name": "20036", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20036" + }, + { + "name": "calendarmanagerpro-main-xss(26335)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26335" + }, + { + "name": "25347", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25347" + }, + { + "name": "17877", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17877" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2313.json b/2006/2xxx/CVE-2006-2313.json index a239de25739..7bba3e01f21 100644 --- a/2006/2xxx/CVE-2006-2313.json +++ b/2006/2xxx/CVE-2006-2313.json 
@@ -1,202 +1,202 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2313", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before 7.4.13, 7.3.x before 7.3.15, and earlier versions allows context-dependent attackers to bypass SQL injection protection methods in applications via invalid encodings of multibyte characters, aka one variant of \"Encoding-Based SQL Injection.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2313", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060523 PostgreSQL security releases 8.1.4, 8.0.8, 7.4.13, 7.3.15", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/435038/100/0/threaded" - }, - { - "name" : "20060524 rPSA-2006-0080-1 postgresql postgresql-server", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/435161/100/0/threaded" - }, - { - "name" : "[pgsql-announce] 20060523 Security Releases for All Active Versions", - "refsource" : "MLIST", - "url" : "http://archives.postgresql.org/pgsql-announce/2006-05/msg00010.php" - }, - { - "name" : "http://www.postgresql.org/docs/techdocs.50", - 
"refsource" : "CONFIRM", - "url" : "http://www.postgresql.org/docs/techdocs.50" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-113.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-113.htm" - }, - { - "name" : "DSA-1087", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1087" - }, - { - "name" : "GLSA-200607-04", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200607-04.xml" - }, - { - "name" : "MDKSA-2006:098", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:098" - }, - { - "name" : "RHSA-2006:0526", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0526.html" - }, - { - "name" : "20060602-01-U", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc" - }, - { - "name" : "SUSE-SA:2006:030", - "refsource" : "SUSE", - "url" : "http://lists.suse.com/archive/suse-security-announce/2006-Jun/0002.html" - }, - { - "name" : "2006-0032", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.org/errata/2006/0032/" - }, - { - "name" : "USN-288-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/288-1/" - }, - { - "name" : "USN-288-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-288-2" - }, - { - "name" : "18092", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18092" - }, - { - "name" : "oval:org.mitre.oval:def:10618", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10618" - }, - { - "name" : "ADV-2006-1941", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1941" - }, - { - "name" : "1016142", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016142" - }, - { - "name" : "20231", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/20231" - }, - { - "name" : "20232", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20232" - }, - { - "name" : "20314", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20314" - }, - { - "name" : "20435", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20435" - }, - { - "name" : "20451", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20451" - }, - { - "name" : "20503", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20503" - }, - { - "name" : "20555", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20555" - }, - { - "name" : "20782", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20782" - }, - { - "name" : "21001", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21001" - }, - { - "name" : "20653", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20653" - }, - { - "name" : "postgresql-multibyte-sql-injection(26627)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26627" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before 7.4.13, 7.3.x before 7.3.15, and earlier versions allows context-dependent attackers to bypass SQL injection protection methods in applications via invalid encodings of multibyte characters, aka one variant of \"Encoding-Based SQL Injection.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-200607-04", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200607-04.xml" + }, + { + "name": "20435", + "refsource": "SECUNIA", + "url": 
"http://secunia.com/advisories/20435" + }, + { + "name": "18092", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18092" + }, + { + "name": "20503", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20503" + }, + { + "name": "20451", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20451" + }, + { + "name": "21001", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21001" + }, + { + "name": "http://www.postgresql.org/docs/techdocs.50", + "refsource": "CONFIRM", + "url": "http://www.postgresql.org/docs/techdocs.50" + }, + { + "name": "20231", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20231" + }, + { + "name": "20653", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20653" + }, + { + "name": "SUSE-SA:2006:030", + "refsource": "SUSE", + "url": "http://lists.suse.com/archive/suse-security-announce/2006-Jun/0002.html" + }, + { + "name": "20782", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20782" + }, + { + "name": "RHSA-2006:0526", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0526.html" + }, + { + "name": "2006-0032", + "refsource": "TRUSTIX", + "url": "http://www.trustix.org/errata/2006/0032/" + }, + { + "name": "oval:org.mitre.oval:def:10618", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10618" + }, + { + "name": "20060602-01-U", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc" + }, + { + "name": "ADV-2006-1941", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1941" + }, + { + "name": "20060524 rPSA-2006-0080-1 postgresql postgresql-server", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/435161/100/0/threaded" + }, + { + "name": "20232", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20232" + }, + 
{ + "name": "20060523 PostgreSQL security releases 8.1.4, 8.0.8, 7.4.13, 7.3.15", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/435038/100/0/threaded" + }, + { + "name": "USN-288-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/288-1/" + }, + { + "name": "MDKSA-2006:098", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:098" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-113.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-113.htm" + }, + { + "name": "postgresql-multibyte-sql-injection(26627)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26627" + }, + { + "name": "20555", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20555" + }, + { + "name": "[pgsql-announce] 20060523 Security Releases for All Active Versions", + "refsource": "MLIST", + "url": "http://archives.postgresql.org/pgsql-announce/2006-05/msg00010.php" + }, + { + "name": "1016142", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016142" + }, + { + "name": "USN-288-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-288-2" + }, + { + "name": "20314", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20314" + }, + { + "name": "DSA-1087", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1087" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2708.json b/2006/2xxx/CVE-2006-2708.json index 76e9367b5fe..9bd501cd3b5 100644 --- a/2006/2xxx/CVE-2006-2708.json +++ b/2006/2xxx/CVE-2006-2708.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2708", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Secure Elements Class 5 AVR client (aka C5 EVM) before 2.8.1 allows remote attackers to read portions of process memory via a modified size for (1) EM_GET_CE_PARAMETER and (2) EM_SET_CE_PARAMETER messages, which leads to a buffer overflow (probably an over-read)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2708", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.kb.cert.org/vuls/id/WDON-6QAK6D", - "refsource" : "CONFIRM", - "url" : "http://www.kb.cert.org/vuls/id/WDON-6QAK6D" - }, - { - "name" : "VU#227929", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/227929" - }, - { - "name" : "VU#873409", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/873409" - }, - { - "name" : "ADV-2006-2069", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2069" - }, - { - "name" : "1016184", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016184" - }, - { - "name" : "20378", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/20378" - }, - { - "name" : "c5evm-emsetceparameter-bo(26745)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26745" - }, - { - "name" : "c5evm-emgetceparameter-bo(26778)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26778" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Secure Elements Class 5 AVR client (aka C5 EVM) before 2.8.1 allows remote attackers to read portions of process memory via a modified size for (1) EM_GET_CE_PARAMETER and (2) EM_SET_CE_PARAMETER messages, which leads to a buffer overflow (probably an over-read)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#227929", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/227929" + }, + { + "name": "VU#873409", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/873409" + }, + { + "name": "c5evm-emsetceparameter-bo(26745)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26745" + }, + { + "name": "c5evm-emgetceparameter-bo(26778)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26778" + }, + { + "name": "http://www.kb.cert.org/vuls/id/WDON-6QAK6D", + "refsource": "CONFIRM", + "url": "http://www.kb.cert.org/vuls/id/WDON-6QAK6D" + }, + { + "name": "20378", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20378" + }, + { + "name": "ADV-2006-2069", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2069" + }, + { + "name": "1016184", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016184" + } + ] + } +} \ No newline at end of file 
diff --git a/2006/2xxx/CVE-2006-2787.json b/2006/2xxx/CVE-2006-2787.json
index b9318bcdf6f..8b06da29082 100644
--- a/2006/2xxx/CVE-2006-2787.json
+++ b/2006/2xxx/CVE-2006-2787.json
@@ -1,322 +1,322 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2787", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "EvalInSandbox in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to gain privileges via javascript that calls the valueOf method on objects that were created outside of the sandbox." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2787", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060602 rPSA-2006-0091-1 firefox thunderbird", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/435795/100/0/threaded" - }, - { - "name" : "http://www.mozilla.org/security/announce/2006/mfsa2006-31.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2006/mfsa2006-31.html" - }, - { - "name" : "DSA-1118", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1118" - }, - { - "name" : "DSA-1120", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1120" - }, - { - "name" : "DSA-1134", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1134" - }, - { - "name" : "GLSA-200606-12", - 
"refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200606-12.xml" - }, - { - "name" : "GLSA-200606-21", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200606-21.xml" - }, - { - "name" : "HPSBUX02153", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/446658/100/200/threaded" - }, - { - "name" : "SSRT061181", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/446658/100/200/threaded" - }, - { - "name" : "HPSBUX02156", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/446657/100/200/threaded" - }, - { - "name" : "SSRT061236", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/446657/100/200/threaded" - }, - { - "name" : "MDKSA-2006:143", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:143" - }, - { - "name" : "MDKSA-2006:145", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:145" - }, - { - "name" : "MDKSA-2006:146", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:146" - }, - { - "name" : "RHSA-2006:0578", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0578.html" - }, - { - "name" : "RHSA-2006:0610", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0610.html" - }, - { - "name" : "RHSA-2006:0611", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0611.html" - }, - { - "name" : "RHSA-2006:0609", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2006-0609.html" - }, - { - "name" : "RHSA-2006:0594", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0594.html" - }, - { - "name" : "SUSE-SA:2006:035", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_35_mozilla.html" - }, - { - "name" 
: "USN-296-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/296-1/" - }, - { - "name" : "USN-297-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/297-1/" - }, - { - "name" : "USN-296-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/296-2/" - }, - { - "name" : "USN-297-3", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/297-3/" - }, - { - "name" : "USN-323-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/323-1/" - }, - { - "name" : "18228", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18228" - }, - { - "name" : "oval:org.mitre.oval:def:9491", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9491" - }, - { - "name" : "ADV-2006-2106", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2106" - }, - { - "name" : "ADV-2006-3748", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3748" - }, - { - "name" : "ADV-2006-3749", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3749" - }, - { - "name" : "ADV-2008-0083", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0083" - }, - { - "name" : "1016202", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016202" - }, - { - "name" : "1016214", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016214" - }, - { - "name" : "20376", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20376" - }, - { - "name" : "20382", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20382" - }, - { - "name" : "20561", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20561" - }, - { - "name" : "20709", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20709" - }, - { - "name" : "21134", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/21134" - }, - { - "name" : "21183", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21183" - }, - { - "name" : "21176", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21176" - }, - { - "name" : "21178", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21178" - }, - { - "name" : "21188", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21188" - }, - { - "name" : "21210", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21210" - }, - { - "name" : "21269", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21269" - }, - { - "name" : "21270", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21270" - }, - { - "name" : "21336", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21336" - }, - { - "name" : "21324", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21324" - }, - { - "name" : "21532", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21532" - }, - { - "name" : "21607", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21607" - }, - { - "name" : "21631", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21631" - }, - { - "name" : "22065", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22065" - }, - { - "name" : "22066", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22066" - }, - { - "name" : "mozilla-valueof-sandbox-bypass(26842)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26842" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "EvalInSandbox in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to gain privileges via javascript that calls the valueOf method on objects that were 
created outside of the sandbox." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20709", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20709" + }, + { + "name": "21176", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21176" + }, + { + "name": "MDKSA-2006:145", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:145" + }, + { + "name": "http://www.mozilla.org/security/announce/2006/mfsa2006-31.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-31.html" + }, + { + "name": "ADV-2006-3748", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3748" + }, + { + "name": "USN-297-3", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/297-3/" + }, + { + "name": "USN-296-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/296-1/" + }, + { + "name": "USN-323-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/323-1/" + }, + { + "name": "20561", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20561" + }, + { + "name": "21210", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21210" + }, + { + "name": "RHSA-2006:0594", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0594.html" + }, + { + "name": "21336", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21336" + }, + { + "name": "20382", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20382" + }, + { + "name": "mozilla-valueof-sandbox-bypass(26842)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26842" + }, + { + "name": "1016214", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016214" + }, + { + "name": "20060602 rPSA-2006-0091-1 firefox 
thunderbird", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/435795/100/0/threaded" + }, + { + "name": "ADV-2006-3749", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3749" + }, + { + "name": "RHSA-2006:0610", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0610.html" + }, + { + "name": "20376", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20376" + }, + { + "name": "MDKSA-2006:146", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:146" + }, + { + "name": "RHSA-2006:0609", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2006-0609.html" + }, + { + "name": "21178", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21178" + }, + { + "name": "1016202", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016202" + }, + { + "name": "21607", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21607" + }, + { + "name": "18228", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18228" + }, + { + "name": "21532", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21532" + }, + { + "name": "21270", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21270" + }, + { + "name": "ADV-2008-0083", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0083" + }, + { + "name": "21188", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21188" + }, + { + "name": "21134", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21134" + }, + { + "name": "21631", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21631" + }, + { + "name": "SSRT061181", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/446658/100/200/threaded" + }, + { + "name": "SSRT061236", + "refsource": "HP", + "url": 
"http://www.securityfocus.com/archive/1/446657/100/200/threaded" + }, + { + "name": "USN-296-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/296-2/" + }, + { + "name": "GLSA-200606-21", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-21.xml" + }, + { + "name": "DSA-1118", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1118" + }, + { + "name": "HPSBUX02153", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/446658/100/200/threaded" + }, + { + "name": "DSA-1120", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1120" + }, + { + "name": "RHSA-2006:0611", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0611.html" + }, + { + "name": "HPSBUX02156", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/446657/100/200/threaded" + }, + { + "name": "DSA-1134", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1134" + }, + { + "name": "GLSA-200606-12", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200606-12.xml" + }, + { + "name": "21324", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21324" + }, + { + "name": "21183", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21183" + }, + { + "name": "oval:org.mitre.oval:def:9491", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9491" + }, + { + "name": "22066", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22066" + }, + { + "name": "21269", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21269" + }, + { + "name": "SUSE-SA:2006:035", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_35_mozilla.html" + }, + { + "name": "USN-297-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/297-1/" + }, + { + "name": 
"RHSA-2006:0578", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0578.html" + }, + { + "name": "ADV-2006-2106", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2106" + }, + { + "name": "MDKSA-2006:143", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:143" + }, + { + "name": "22065", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22065" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2985.json b/2006/2xxx/CVE-2006-2985.json index 9cb29ee2664..18093894a59 100644 --- a/2006/2xxx/CVE-2006-2985.json +++ b/2006/2xxx/CVE-2006-2985.json 
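Review bot: The new side of this hunk ends with `\ No newline at end of file`, so the rewritten record loses its final newline; the hunks for CVE-2006-2985, CVE-2006-3110, CVE-2006-6043, CVE-2006-6090, CVE-2006-6201 and CVE-2006-6744 do the same. Ending each file with `}` followed by a newline keeps concatenation, line counting and later diffs well-behaved. The `reference_data` entries are also reordered with, as far as the visible lines show, no change in content (the BUGTRAQ entry moves from first place to the middle of the array). Combined with the `"key" : value` to `"key": value` respacing, this turns the sync into a full-file rewrite in which a genuinely added or dropped advisory link would be hard to spot. A stable ordering, for example by `refsource` then `name`, would keep future syncs reviewable.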
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2985", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in IntegraMOD 1.4.0 and earlier allows remote attackers to execute arbitrary SQL commands via double-encoded \"'\" characters in the STYLE_URL parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2985", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060606 'Multiple Sql injection and XSS in integramod portal", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/436457/100/0/threaded" - }, - { - "name" : "20060612 verified SQL injection in IntegraMOD 1.4.0 (source inspection)", - "refsource" : "VIM", - "url" : "http://www.attrition.org/pipermail/vim/2006-June/000847.html" - }, - { - "name" : "1085", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1085" - }, - { - "name" : "integramod-index-sql-injection(27097)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27097" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in IntegraMOD 1.4.0 and earlier allows remote attackers to execute arbitrary SQL commands via double-encoded \"'\" characters in the STYLE_URL parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060612 verified SQL injection in IntegraMOD 1.4.0 (source inspection)", + "refsource": "VIM", + "url": "http://www.attrition.org/pipermail/vim/2006-June/000847.html" + }, + { + "name": "20060606 'Multiple Sql injection and XSS in integramod portal", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/436457/100/0/threaded" + }, + { + "name": "1085", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1085" + }, + { + "name": "integramod-index-sql-injection(27097)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27097" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3110.json b/2006/3xxx/CVE-2006-3110.json index 05ff5c336c9..cb0cd046b1e 100644 --- a/2006/3xxx/CVE-2006-3110.json +++ b/2006/3xxx/CVE-2006-3110.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3110", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in main.php in Chipmailer 1.09 allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) betreff, (3) mail, and (4) text parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3110", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060613 Chipmailer <= 1.09 Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=115024576618386&w=2" - }, - { - "name" : "1016315", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016315" - }, - { - "name" : "chipmailer-main-xss(27156)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27156" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in main.php in Chipmailer 1.09 allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) 
betreff, (3) mail, and (4) text parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060613 Chipmailer <= 1.09 Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=115024576618386&w=2" + }, + { + "name": "chipmailer-main-xss(27156)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27156" + }, + { + "name": "1016315", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016315" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6043.json b/2006/6xxx/CVE-2006-6043.json index 5dd5747e547..a57f07903aa 100644 --- a/2006/6xxx/CVE-2006-6043.json +++ b/2006/6xxx/CVE-2006-6043.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6043", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP file inclusion vulnerability in loginform-inc.php in Oliver (formerly Webshare) 1.2.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a UNC share pathname or a local file pathname in the conf[motdfile] parameter, which is accessed by the file_exists function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6043", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "21202", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21202/info" - }, - { - "name" : "ADV-2006-4608", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4608" - }, - { - "name" : "23031", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23031" - }, - { - "name" : "oliver-loginform-file-include(30415)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30415" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ 
+ { + "lang": "eng", + "value": "PHP file inclusion vulnerability in loginform-inc.php in Oliver (formerly Webshare) 1.2.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a UNC share pathname or a local file pathname in the conf[motdfile] parameter, which is accessed by the file_exists function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-4608", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4608" + }, + { + "name": "23031", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23031" + }, + { + "name": "oliver-loginform-file-include(30415)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30415" + }, + { + "name": "21202", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21202/info" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6090.json b/2006/6xxx/CVE-2006-6090.json index ab3c13fa7be..67cba365067 100644 --- a/2006/6xxx/CVE-2006-6090.json +++ b/2006/6xxx/CVE-2006-6090.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6090", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in BaalAsp forum allow remote attackers to execute arbitrary SQL commands via the (1) password parameter to (a) adminlogin.asp, the (2) name or (3) password parameter to (b) userlogin.asp, or the (3) search parameter to search.asp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6090", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061115 BaalAsp forum [login bypass ,injections sql(post), xss(post)]", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/451846/100/100/threaded" - }, - { - "name" : "http://s-a-p.ca/index.php?page=OurAdvisories&id=35", - "refsource" : "MISC", - "url" : "http://s-a-p.ca/index.php?page=OurAdvisories&id=35" - }, - { - "name" : "21111", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21111" - }, - { - "name" : "ADV-2006-4579", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4579" - }, - { - "name" : "22943", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/22943" - }, - { - "name" : "1913", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1913" - }, - { - "name" : "baalasp-login-security-bypass(30342)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30342" - }, - { - "name" : "baalasp-search-sql-injection(30343)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30343" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in BaalAsp forum allow remote attackers to execute arbitrary SQL commands via the (1) password parameter to (a) adminlogin.asp, the (2) name or (3) password parameter to (b) userlogin.asp, or the (3) search parameter to search.asp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21111", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21111" + }, + { + "name": "20061115 BaalAsp forum [login bypass ,injections sql(post), xss(post)]", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/451846/100/100/threaded" + }, + { + "name": "22943", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22943" + }, + { + "name": "baalasp-search-sql-injection(30343)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30343" + }, + { + "name": "http://s-a-p.ca/index.php?page=OurAdvisories&id=35", + "refsource": "MISC", + "url": "http://s-a-p.ca/index.php?page=OurAdvisories&id=35" + }, + { + "name": "1913", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1913" + }, + { + "name": "baalasp-login-security-bypass(30342)", + "refsource": "XF", + "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/30342" + }, + { + "name": "ADV-2006-4579", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4579" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6201.json b/2006/6xxx/CVE-2006-6201.json index 2978ecc2c1e..06271ac0ec7 100644 --- a/2006/6xxx/CVE-2006-6201.json +++ b/2006/6xxx/CVE-2006-6201.json 
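Review bot: The description `value` carried over unchanged in this hunk numbers two different vectors as (3) and gives search.asp no letter: `the (2) name or (3) password parameter to (b) userlogin.asp, or the (3) search parameter to search.asp`. Since the record is being rewritten anyway, the enumeration would read more reliably as `or the (4) search parameter to (c) search.asp`, so that anyone triaging from the text counts four parameters across three scripts. This reading is inferred from the sentence structure alone and should be confirmed against the referenced BUGTRAQ post before the text is changed.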
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6201", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in Borland idsql32.dll 5.1.0.4, as used by RevilloC MailServer; 5.2.0.2 as used by Borland Developer Studio 2006; and possibly other versions allows remote attackers to execute arbitrary code via a long SQL statement, related to use of the DbiQExec function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6201", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061129 Secunia Research: Borland Products idsql32.dll Buffer OverflowVulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/453003/100/0/threaded" - }, - { - "name" : "http://secunia.com/secunia_research/2006-70/advisory/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2006-70/advisory/" - }, - { - "name" : "21342", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21342" - }, - { - "name" : "ADV-2006-4763", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4763" - }, - { - "name" : "22570", - "refsource" : "SECUNIA", - 
"url" : "http://secunia.com/advisories/22570" - }, - { - "name" : "borland-idsql32-bo(30583)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30583" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in Borland idsql32.dll 5.1.0.4, as used by RevilloC MailServer; 5.2.0.2 as used by Borland Developer Studio 2006; and possibly other versions allows remote attackers to execute arbitrary code via a long SQL statement, related to use of the DbiQExec function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "borland-idsql32-bo(30583)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30583" + }, + { + "name": "22570", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22570" + }, + { + "name": "ADV-2006-4763", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4763" + }, + { + "name": "http://secunia.com/secunia_research/2006-70/advisory/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2006-70/advisory/" + }, + { + "name": "21342", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21342" + }, + { + "name": "20061129 Secunia Research: Borland Products idsql32.dll Buffer OverflowVulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/453003/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6744.json b/2006/6xxx/CVE-2006-6744.json index 1366ab4ec22..d2ce9645fac 100644 --- a/2006/6xxx/CVE-2006-6744.json +++ b/2006/6xxx/CVE-2006-6744.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6744", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "phpProfiles before 2.1.1 does not have an index.php or other index file in the (1) image_data, (2) graphics/comm, or (3) users read/write directories, which might allow remote attackers to list directory contents or have other unknown impacts." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6744", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=460858&group_id=176310", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=460858&group_id=176310" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "phpProfiles before 2.1.1 does not have an index.php or other index file in the (1) image_data, (2) graphics/comm, or (3) users read/write directories, which might allow remote attackers to list directory contents or have other unknown impacts." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=460858&group_id=176310", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=460858&group_id=176310" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6821.json b/2006/6xxx/CVE-2006-6821.json index a7d0471d55f..c4b142d966a 100644 --- a/2006/6xxx/CVE-2006-6821.json +++ b/2006/6xxx/CVE-2006-6821.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6821", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "myprofile.asp in Enthrallweb eNews does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modified MM_recordId parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6821", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2996", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2996" - }, - { - "name" : "21739", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21739" - }, - { - "name" : "ADV-2006-5156", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/5156" - }, - { - "name" : "23518", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23518" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "myprofile.asp in Enthrallweb eNews does not properly 
validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modified MM_recordId parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-5156", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/5156" + }, + { + "name": "2996", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2996" + }, + { + "name": "21739", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21739" + }, + { + "name": "23518", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23518" + } + ] + } +} \ No newline at end of file diff --git a/2006/7xxx/CVE-2006-7069.json b/2006/7xxx/CVE-2006-7069.json index 74b96fe19c8..6c2a64a4f96 100644 --- a/2006/7xxx/CVE-2006-7069.json +++ b/2006/7xxx/CVE-2006-7069.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-7069", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in smarty_config.php in Socketwiz Bookmarks 2.0 and earlier allows remote attackers to execute arbitrary PHP code via the root_dir parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-7069", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2336", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2336" - }, - { - "name" : "19935", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19935" - }, - { - "name" : "ADV-2006-3550", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3550" - }, - { - "name" : "21857", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21857" - }, - { - "name" : "socketwiz-config-file-include(28850)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28850" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"PHP remote file inclusion vulnerability in smarty_config.php in Socketwiz Bookmarks 2.0 and earlier allows remote attackers to execute arbitrary PHP code via the root_dir parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "socketwiz-config-file-include(28850)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28850" + }, + { + "name": "21857", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21857" + }, + { + "name": "19935", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19935" + }, + { + "name": "2336", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2336" + }, + { + "name": "ADV-2006-3550", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3550" + } + ] + } +} \ No newline at end of file diff --git a/2006/7xxx/CVE-2006-7108.json b/2006/7xxx/CVE-2006-7108.json index 18b492f1499..3a1666fd8c2 100644 --- a/2006/7xxx/CVE-2006-7108.json +++ b/2006/7xxx/CVE-2006-7108.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-7108", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "login in util-linux-2.12a skips pam_acct_mgmt and chauth_tok when authentication is skipped, such as when a Kerberos krlogin session has been established, which might allow users to bypass intended access policies that would be enforced by pam_acct_mgmt and chauth_tok." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-7108", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=177331", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=177331" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-1359", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-1359" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2007-252.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2007-252.htm" - }, - { - "name" : "MDKSA-2007:111", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:111" - }, - { - "name" : 
"RHSA-2007:0235", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0235.html" - }, - { - "name" : "24321", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/24321" - }, - { - "name" : "oval:org.mitre.oval:def:9689", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9689" - }, - { - "name" : "25098", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25098" - }, - { - "name" : "25530", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25530" - }, - { - "name" : "25692", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25692" - }, - { - "name" : "25935", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25935" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "login in util-linux-2.12a skips pam_acct_mgmt and chauth_tok when authentication is skipped, such as when a Kerberos krlogin session has been established, which might allow users to bypass intended access policies that would be enforced by pam_acct_mgmt and chauth_tok." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "25098", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25098" + }, + { + "name": "https://issues.rpath.com/browse/RPL-1359", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-1359" + }, + { + "name": "25935", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25935" + }, + { + "name": "24321", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/24321" + }, + { + "name": "RHSA-2007:0235", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0235.html" + }, + { + "name": "MDKSA-2007:111", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:111" + }, + { + "name": "25692", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25692" + }, + { + "name": "25530", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25530" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2007-252.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-252.htm" + }, + { + "name": "oval:org.mitre.oval:def:9689", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9689" + }, + { + "name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=177331", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=177331" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0199.json b/2011/0xxx/CVE-2011-0199.json index 009a4e995f3..305f7bf8ce4 100644 --- a/2011/0xxx/CVE-2011-0199.json +++ b/2011/0xxx/CVE-2011-0199.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0199", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Certificate Trust Policy component in Apple Mac OS X before 10.6.8 does not perform CRL checking for Extended Validation (EV) certificates that lack OCSP URLs, which might allow man-in-the-middle attackers to spoof an SSL server via a revoked certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2011-0199", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4723", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4723" - }, - { - "name" : "APPLE-SA-2011-06-23-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html" - }, - { - "name" : "48447", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/48447" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Certificate Trust Policy component in Apple Mac OS X before 10.6.8 does not perform CRL checking for 
Extended Validation (EV) certificates that lack OCSP URLs, which might allow man-in-the-middle attackers to spoof an SSL server via a revoked certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT4723", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4723" + }, + { + "name": "APPLE-SA-2011-06-23-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html" + }, + { + "name": "48447", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/48447" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0714.json b/2011/0xxx/CVE-2011-0714.json index 1f98ddccf48..9b8e1173c5c 100644 --- a/2011/0xxx/CVE-2011-0714.json +++ b/2011/0xxx/CVE-2011-0714.json 
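Review bot: `ASSIGNER` in `CVE_data_meta` changes from `cve@mitre.org` to `product-security@apple.com`, the only content change in this hunk, and the commit message does not record it. Consumers that use the assigner for provenance or routing will see the record re-attributed, so this belongs in its own line of the description or in a commit separate from the whitespace rewrite. The CVE-2011-0714 hunk makes the same kind of change with `secalert@redhat.com`, and the CVE-2011-3535 hunk, which continues past the visible part of the page, with `secalert_us@oracle.com`.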
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0714", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in a certain Red Hat patch for the RPC server sockets functionality in the Linux kernel 2.6.32 on Red Hat Enterprise Linux (RHEL) 6 might allow remote attackers to cause a denial of service (crash) via malformed data in a packet, related to lockd and the svc_xprt_received function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-0714", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110308 CVE-2011-0714 kernel: deficiency in handling of invalid data packets in lockd", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/08/17" - }, - { - "name" : "[oss-security] 20110309 Re: CVE-2011-0714 kernel: deficiency in handling of invalid data packets in lockd", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/09/1" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=678144", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=678144" - }, - { - "name" : 
"RHSA-2011:0329", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2011-0329.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in a certain Red Hat patch for the RPC server sockets functionality in the Linux kernel 2.6.32 on Red Hat Enterprise Linux (RHEL) 6 might allow remote attackers to cause a denial of service (crash) via malformed data in a packet, related to lockd and the svc_xprt_received function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20110308 CVE-2011-0714 kernel: deficiency in handling of invalid data packets in lockd", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/08/17" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=678144", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=678144" + }, + { + "name": "[oss-security] 20110309 Re: CVE-2011-0714 kernel: deficiency in handling of invalid data packets in lockd", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/09/1" + }, + { + "name": "RHSA-2011:0329", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2011-0329.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0911.json b/2011/0xxx/CVE-2011-0911.json index 969fb8b3df6..5aa084e9a3c 100644 --- a/2011/0xxx/CVE-2011-0911.json +++ b/2011/0xxx/CVE-2011-0911.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0911", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Users module in Zikula before 1.2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: it is possible that this overlaps CVE-2011-0535." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0911", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://community.zikula.org/index.php?module=News&func=display&sid=3041&title=zikula-1.2.5-released", - "refsource" : "CONFIRM", - "url" : "http://community.zikula.org/index.php?module=News&func=display&sid=3041&title=zikula-1.2.5-released" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Users module in Zikula before 1.2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: it is possible that this overlaps CVE-2011-0535." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://community.zikula.org/index.php?module=News&func=display&sid=3041&title=zikula-1.2.5-released", + "refsource": "CONFIRM", + "url": "http://community.zikula.org/index.php?module=News&func=display&sid=3041&title=zikula-1.2.5-released" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0924.json b/2011/0xxx/CVE-2011-0924.json index e299349c039..e681bfa1c33 100644 --- a/2011/0xxx/CVE-2011-0924.json +++ b/2011/0xxx/CVE-2011-0924.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0924", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The client in HP Data Protector does not verify the contents of files associated with the EXEC_CMD command, which allows remote attackers to execute arbitrary script code by providing this code with a trusted filename, as demonstrated by omni_chk_ds.sh." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0924", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110207 ZDI-11-054: Hewlett-Packard Data Protector Client EXEC_CMD omni_chk_ds.sh Remote Code Execution Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/516258/100/0/threaded" - }, - { - "name" : "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-hp", - "refsource" : "MISC", - "url" : "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-hp" - }, - { - "name" : "http://zerodayinitiative.com/advisories/ZDI-11-054/", - "refsource" : "MISC", - "url" : "http://zerodayinitiative.com/advisories/ZDI-11-054/" - }, - { - "name" : "HPSBMA02654", - "refsource" : "HP", - "url" : 
"http://marc.info/?l=bugtraq&m=130391284726795&w=2" - }, - { - "name" : "SSRT100441", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=130391284726795&w=2" - }, - { - "name" : "46234", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46234" - }, - { - "name" : "ADV-2011-0308", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0308" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The client in HP Data Protector does not verify the contents of files associated with the EXEC_CMD command, which allows remote attackers to execute arbitrary script code by providing this code with a trusted filename, as demonstrated by omni_chk_ds.sh." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-hp", + "refsource": "MISC", + "url": "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-hp" + }, + { + "name": "SSRT100441", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=130391284726795&w=2" + }, + { + "name": "ADV-2011-0308", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0308" + }, + { + "name": "20110207 ZDI-11-054: Hewlett-Packard Data Protector Client EXEC_CMD omni_chk_ds.sh Remote Code Execution Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/516258/100/0/threaded" + }, + { + "name": "HPSBMA02654", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=130391284726795&w=2" + }, + { + "name": "http://zerodayinitiative.com/advisories/ZDI-11-054/", + "refsource": "MISC", + "url": "http://zerodayinitiative.com/advisories/ZDI-11-054/" + }, + { + "name": "46234", + "refsource": "BID", + "url": 
"http://www.securityfocus.com/bid/46234" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3029.json b/2011/3xxx/CVE-2011-3029.json index f05f4594757..d188e2c515c 100644 --- a/2011/3xxx/CVE-2011-3029.json +++ b/2011/3xxx/CVE-2011-3029.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3029", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3029", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3080.json b/2011/3xxx/CVE-2011-3080.json index d743f205059..7100b79c028 100644 --- a/2011/3xxx/CVE-2011-3080.json +++ b/2011/3xxx/CVE-2011-3080.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3080", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in the Inter-process Communication (IPC) implementation in Google Chrome before 18.0.1025.168 allows attackers to bypass intended sandbox restrictions via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3080", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=121726", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=121726" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2012/04/stable-channel-update_30.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2012/04/stable-channel-update_30.html" - }, - { - "name" : "53309", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53309" - }, - { - "name" : "81646", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/81646" - }, - { - "name" : "oval:org.mitre.oval:def:15623", - "refsource" : "OVAL", - "url" : 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15623" - }, - { - "name" : "1027001", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027001" - }, - { - "name" : "48992", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48992" - }, - { - "name" : "chrome-sandbox-ipc-code-exec(75272)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75272" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in the Inter-process Communication (IPC) implementation in Google Chrome before 18.0.1025.168 allows attackers to bypass intended sandbox restrictions via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://googlechromereleases.blogspot.com/2012/04/stable-channel-update_30.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2012/04/stable-channel-update_30.html" + }, + { + "name": "48992", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48992" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=121726", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=121726" + }, + { + "name": "1027001", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027001" + }, + { + "name": "chrome-sandbox-ipc-code-exec(75272)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75272" + }, + { + "name": "81646", + "refsource": "OSVDB", + "url": "http://osvdb.org/81646" + }, + { + "name": "oval:org.mitre.oval:def:15623", + "refsource": "OVAL", + "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15623" + }, + { + "name": "53309", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53309" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3535.json b/2011/3xxx/CVE-2011-3535.json index e412640f634..4331a149576 100644 --- a/2011/3xxx/CVE-2011-3535.json +++ b/2011/3xxx/CVE-2011-3535.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3535", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Solaris component in Oracle Sun Products Suite 8, 9, 10, and 11 Express allows remote attackers to affect availability via unknown vectors related to Remote Quota Server (rquotad)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2011-3535", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html" - }, - { - "name" : "50255", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/50255" - }, - { - "name" : "76470", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/76470" - }, - { - "name" : "orasun-sol-rquotad-unspecified(70808)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/70808" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"Unspecified vulnerability in the Solaris component in Oracle Sun Products Suite 8, 9, 10, and 11 Express allows remote attackers to affect availability via unknown vectors related to Remote Quota Server (rquotad)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "orasun-sol-rquotad-unspecified(70808)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70808" + }, + { + "name": "50255", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/50255" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html" + }, + { + "name": "76470", + "refsource": "OSVDB", + "url": "http://osvdb.org/76470" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3621.json b/2011/3xxx/CVE-2011-3621.json index ff2d2798119..da5aac69f26 100644 --- a/2011/3xxx/CVE-2011-3621.json +++ b/2011/3xxx/CVE-2011-3621.json 
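Review bot: The one substantive change in this hunk, the `ASSIGNER` value going from `cve@mitre.org` to `secalert_us@oracle.com`, is buried in a rewrite of all 77 lines: the key separator changes from `" : "` to `": "`, the same four `reference_data` entries are emitted in a different order, and the new file ends without a trailing newline. Anyone auditing which CNA is recorded as the assigner for CVE-2011-3535 has to compare the parsed JSON rather than the text to find it. A stable serializer (fixed separators, fixed array order, final newline) would reduce this hunk to the single line `"ASSIGNER": "secalert_us@oracle.com",`. The same churn hides the `ASSIGNER` changes in the CVE-2011-3955, CVE-2011-4349, CVE-2011-4352 and CVE-2011-4944 hunks, and the CVE-2011-3730 and CVE-2011-4465 hunks appear to contain nothing but the reformat and reorder.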
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3621", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3621", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3730.json b/2011/3xxx/CVE-2011-3730.json index 853a61e96e1..3af1151f367 100644 --- a/2011/3xxx/CVE-2011-3730.json +++ b/2011/3xxx/CVE-2011-3730.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3730", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Drupal 7.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/simpletest/tests/upgrade/drupal-6.upload.database.php and certain other files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3730", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/06/27/6" - }, - { - "name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", - "refsource" : "MISC", - "url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" - }, - { - "name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/drupal-7.0", - "refsource" : "MISC", - "url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/drupal-7.0" - } - ] - } -} + } + }, + "data_format": 
"MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Drupal 7.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/simpletest/tests/upgrade/drupal-6.upload.database.php and certain other files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/drupal-7.0", + "refsource": "MISC", + "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/drupal-7.0" + }, + { + "name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6" + }, + { + "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", + "refsource": "MISC", + "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3955.json b/2011/3xxx/CVE-2011-3955.json index 28a03ee6dc4..7697d6da2dd 100644 --- a/2011/3xxx/CVE-2011-3955.json +++ b/2011/3xxx/CVE-2011-3955.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3955", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via vectors that trigger the aborting of an IndexedDB transaction." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2011-3955", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=93106", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=93106" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2012/02/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2012/02/stable-channel-update.html" - }, - { - "name" : "oval:org.mitre.oval:def:14905", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14905" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via vectors that trigger the aborting of an IndexedDB transaction." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://googlechromereleases.blogspot.com/2012/02/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2012/02/stable-channel-update.html" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=93106", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=93106" + }, + { + "name": "oval:org.mitre.oval:def:14905", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14905" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4349.json b/2011/4xxx/CVE-2011-4349.json index 9c949cf74e6..4165fe37f95 100644 --- a/2011/4xxx/CVE-2011-4349.json +++ b/2011/4xxx/CVE-2011-4349.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4349", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in (1) cd-mapping-db.c and (2) cd-device-db.c in colord before 0.1.15 allow local users to execute arbitrary SQL commands via vectors related to color devices and (a) device id, (b) property, or (c) profile id." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-4349", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20111125 Re: CVE Request: colord sql injections", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/11/25/3" - }, - { - "name" : "[oss-security] 20111125 Re: CVE Request: colord sql injections", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/11/25/4" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=757171", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=757171" - }, - { - "name" : "http://gitorious.org/colord/master/commit/1fadd90afcb4bbc47513466ee9bb1e4a8632ac3b", - "refsource" : "CONFIRM", - "url" : 
"http://gitorious.org/colord/master/commit/1fadd90afcb4bbc47513466ee9bb1e4a8632ac3b" - }, - { - "name" : "http://gitorious.org/colord/master/commit/36549e0ed255e7dfa7852d08a75dd5f00cbd270e", - "refsource" : "CONFIRM", - "url" : "http://gitorious.org/colord/master/commit/36549e0ed255e7dfa7852d08a75dd5f00cbd270e" - }, - { - "name" : "https://bugs.freedesktop.org/show_bug.cgi?id=42904", - "refsource" : "CONFIRM", - "url" : "https://bugs.freedesktop.org/show_bug.cgi?id=42904" - }, - { - "name" : "FEDORA-2011-16451", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-December/070518.html" - }, - { - "name" : "FEDORA-2011-16453", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-December/070450.html" - }, - { - "name" : "USN-1289-1", - "refsource" : "UBUNTU", - "url" : "http://ubuntu.com/usn/usn-1289-1" - }, - { - "name" : "50814", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/50814" - }, - { - "name" : "46940", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46940" - }, - { - "name" : "47160", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47160" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in (1) cd-mapping-db.c and (2) cd-device-db.c in colord before 0.1.15 allow local users to execute arbitrary SQL commands via vectors related to color devices and (a) device id, (b) property, or (c) profile id." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "50814", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/50814" + }, + { + "name": "USN-1289-1", + "refsource": "UBUNTU", + "url": "http://ubuntu.com/usn/usn-1289-1" + }, + { + "name": "46940", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46940" + }, + { + "name": "[oss-security] 20111125 Re: CVE Request: colord sql injections", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/11/25/4" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=757171", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=757171" + }, + { + "name": "47160", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47160" + }, + { + "name": "http://gitorious.org/colord/master/commit/1fadd90afcb4bbc47513466ee9bb1e4a8632ac3b", + "refsource": "CONFIRM", + "url": "http://gitorious.org/colord/master/commit/1fadd90afcb4bbc47513466ee9bb1e4a8632ac3b" + }, + { + "name": "FEDORA-2011-16451", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-December/070518.html" + }, + { + "name": "https://bugs.freedesktop.org/show_bug.cgi?id=42904", + "refsource": "CONFIRM", + "url": "https://bugs.freedesktop.org/show_bug.cgi?id=42904" + }, + { + "name": "http://gitorious.org/colord/master/commit/36549e0ed255e7dfa7852d08a75dd5f00cbd270e", + "refsource": "CONFIRM", + "url": "http://gitorious.org/colord/master/commit/36549e0ed255e7dfa7852d08a75dd5f00cbd270e" + }, + { + "name": "FEDORA-2011-16453", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-December/070450.html" + }, + { + "name": "[oss-security] 20111125 Re: CVE Request: colord sql injections", + "refsource": "MLIST", + "url": 
"http://www.openwall.com/lists/oss-security/2011/11/25/3" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4352.json b/2011/4xxx/CVE-2011-4352.json index 0519db2329b..13e25990b42 100644 --- a/2011/4xxx/CVE-2011-4352.json +++ b/2011/4xxx/CVE-2011-4352.json 
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4352", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the vp3_dequant function in the VP3 decoder (vp3.c) in libavcodec in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9, and 0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4, and 0.7.x before 0.7.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted VP3 stream, which triggers a buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-4352", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20111123 NGS00145 Patch Notification: FFmpeg Libavcodec out of bounds write remote code execution", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/520622" - }, - { - "name" : "http://ffmpeg.org/", - "refsource" : "CONFIRM", - "url" : "http://ffmpeg.org/" - }, - { - "name" : "http://git.libav.org/?p=libav.git;a=commit;h=8b94df0f2047e9728cb872adc9e64557b7a5152f", - "refsource" : "CONFIRM", - "url" : 
"http://git.libav.org/?p=libav.git;a=commit;h=8b94df0f2047e9728cb872adc9e64557b7a5152f" - }, - { - "name" : "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=eef5c35b4352ec49ca41f6198bee8a976b1f81e5", - "refsource" : "CONFIRM", - "url" : "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=eef5c35b4352ec49ca41f6198bee8a976b1f81e5" - }, - { - "name" : "http://libav.org/", - "refsource" : "CONFIRM", - "url" : "http://libav.org/" - }, - { - "name" : "http://libav.org/releases/libav-0.5.6.changelog", - "refsource" : "CONFIRM", - "url" : "http://libav.org/releases/libav-0.5.6.changelog" - }, - { - "name" : "http://libav.org/releases/libav-0.6.4.changelog", - "refsource" : "CONFIRM", - "url" : "http://libav.org/releases/libav-0.6.4.changelog" - }, - { - "name" : "http://libav.org/releases/libav-0.7.3.changelog", - "refsource" : "CONFIRM", - "url" : "http://libav.org/releases/libav-0.7.3.changelog" - }, - { - "name" : "MDVSA-2012:074", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:074" - }, - { - "name" : "MDVSA-2012:075", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:075" - }, - { - "name" : "MDVSA-2012:076", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:076" - }, - { - "name" : "USN-1320-1", - "refsource" : "UBUNTU", - "url" : "http://ubuntu.com/usn/usn-1320-1" - }, - { - "name" : "USN-1333-1", - "refsource" : "UBUNTU", - "url" : "http://ubuntu.com/usn/usn-1333-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the vp3_dequant function in the VP3 decoder (vp3.c) in libavcodec in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9, and 0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4, and 0.7.x before 0.7.3 allows remote attackers to cause 
a denial of service (crash) and possibly execute arbitrary code via a crafted VP3 stream, which triggers a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://libav.org/releases/libav-0.6.4.changelog", + "refsource": "CONFIRM", + "url": "http://libav.org/releases/libav-0.6.4.changelog" + }, + { + "name": "MDVSA-2012:076", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:076" + }, + { + "name": "USN-1320-1", + "refsource": "UBUNTU", + "url": "http://ubuntu.com/usn/usn-1320-1" + }, + { + "name": "MDVSA-2012:074", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:074" + }, + { + "name": "MDVSA-2012:075", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:075" + }, + { + "name": "http://git.libav.org/?p=libav.git;a=commit;h=8b94df0f2047e9728cb872adc9e64557b7a5152f", + "refsource": "CONFIRM", + "url": "http://git.libav.org/?p=libav.git;a=commit;h=8b94df0f2047e9728cb872adc9e64557b7a5152f" + }, + { + "name": "20111123 NGS00145 Patch Notification: FFmpeg Libavcodec out of bounds write remote code execution", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/520622" + }, + { + "name": "http://ffmpeg.org/", + "refsource": "CONFIRM", + "url": "http://ffmpeg.org/" + }, + { + "name": "http://libav.org/", + "refsource": "CONFIRM", + "url": "http://libav.org/" + }, + { + "name": "USN-1333-1", + "refsource": "UBUNTU", + "url": "http://ubuntu.com/usn/usn-1333-1" + }, + { + "name": "http://libav.org/releases/libav-0.5.6.changelog", + "refsource": "CONFIRM", + "url": "http://libav.org/releases/libav-0.5.6.changelog" + }, + { + "name": "http://libav.org/releases/libav-0.7.3.changelog", + "refsource": "CONFIRM", + "url": 
"http://libav.org/releases/libav-0.7.3.changelog" + }, + { + "name": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=eef5c35b4352ec49ca41f6198bee8a976b1f81e5", + "refsource": "CONFIRM", + "url": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=eef5c35b4352ec49ca41f6198bee8a976b1f81e5" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4422.json b/2011/4xxx/CVE-2011-4422.json index 7f416f11005..da9a98e8e83 100644 --- a/2011/4xxx/CVE-2011-4422.json +++ b/2011/4xxx/CVE-2011-4422.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4422", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2011-4422", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4465.json b/2011/4xxx/CVE-2011-4465.json index 393732b1d10..6a60aae6e3a 100644 --- a/2011/4xxx/CVE-2011-4465.json +++ b/2011/4xxx/CVE-2011-4465.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4465", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in IBM Lotus Mobile Connect (LMC) 6.1.4 allows remote attackers to inject arbitrary web script or HTML via vectors related to a hidden redirect URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4465", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg27020327", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg27020327" - }, - { - "name" : "IV07148", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg1IV07148" - }, - { - "name" : "lmc-redirect-xss(72337)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72337" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in IBM Lotus Mobile Connect (LMC) 6.1.4 allows remote attackers to inject arbitrary web script or HTML via 
vectors related to a hidden redirect URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg27020327", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg27020327" + }, + { + "name": "lmc-redirect-xss(72337)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72337" + }, + { + "name": "IV07148", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=swg1IV07148" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4944.json b/2011/4xxx/CVE-2011-4944.json index 7bc11a3913e..5cc06752081 100644 --- a/2011/4xxx/CVE-2011-4944.json +++ b/2011/4xxx/CVE-2011-4944.json 
@@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4944", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-4944", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120327 CVE request: distutils creates ~/.pypirc insecurely", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/03/27/2" - }, - { - "name" : "[oss-security] 20120327 Re: CVE request: distutils creates ~/.pypirc insecurely", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/03/27/5" - }, - { - "name" : "[oss-security] 20120327 Re: CVE request: distutils creates ~/.pypirc insecurely", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/03/27/10" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=650555", - "refsource" : "MISC", - "url" : 
"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=650555" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=758905", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=758905" - }, - { - "name" : "http://bugs.python.org/file23824/pypirc-secure.diff", - "refsource" : "CONFIRM", - "url" : "http://bugs.python.org/file23824/pypirc-secure.diff" - }, - { - "name" : "http://bugs.python.org/issue13512", - "refsource" : "CONFIRM", - "url" : "http://bugs.python.org/issue13512" - }, - { - "name" : "APPLE-SA-2013-10-22-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html" - }, - { - "name" : "USN-1596-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1596-1" - }, - { - "name" : "USN-1613-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1613-2" - }, - { - "name" : "USN-1592-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1592-1" - }, - { - "name" : "USN-1613-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1613-1" - }, - { - "name" : "USN-1615-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1615-1" - }, - { - "name" : "USN-1616-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1616-1" - }, - { - "name" : "51089", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51089" - }, - { - "name" : "50858", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50858" - }, - { - "name" : "51024", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51024" - }, - { - "name" : "51040", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51040" - }, - { - "name" : "51087", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51087" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-1615-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1615-1" + }, + { + "name": "51087", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51087" + }, + { + "name": "[oss-security] 20120327 CVE request: distutils creates ~/.pypirc insecurely", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/03/27/2" + }, + { + "name": "USN-1592-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1592-1" + }, + { + "name": "[oss-security] 20120327 Re: CVE request: distutils creates ~/.pypirc insecurely", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/03/27/5" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=758905", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=758905" + }, + { + "name": "USN-1616-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1616-1" + }, + { + "name": "51040", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51040" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=650555", + "refsource": "MISC", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=650555" + }, + { + "name": "http://bugs.python.org/file23824/pypirc-secure.diff", + "refsource": "CONFIRM", + "url": "http://bugs.python.org/file23824/pypirc-secure.diff" + }, + { + "name": "APPLE-SA-2013-10-22-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html" + }, + { + "name": 
"50858", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50858" + }, + { + "name": "51089", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51089" + }, + { + "name": "[oss-security] 20120327 Re: CVE request: distutils creates ~/.pypirc insecurely", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/03/27/10" + }, + { + "name": "http://bugs.python.org/issue13512", + "refsource": "CONFIRM", + "url": "http://bugs.python.org/issue13512" + }, + { + "name": "USN-1596-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1596-1" + }, + { + "name": "USN-1613-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1613-2" + }, + { + "name": "51024", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51024" + }, + { + "name": "USN-1613-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1613-1" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1077.json b/2013/1xxx/CVE-2013-1077.json index 2cdeade224c..25bb1433021 100644 --- a/2013/1xxx/CVE-2013-1077.json +++ b/2013/1xxx/CVE-2013-1077.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2013-1077",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2013-1077",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2013/1xxx/CVE-2013-1084.json b/2013/1xxx/CVE-2013-1084.json
index 26c549d3fbd..e77205bcef9 100644
--- a/2013/1xxx/CVE-2013-1084.json
+++ b/2013/1xxx/CVE-2013-1084.json
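Review bot: The rewritten record no longer ends with a newline (`\ No newline at end of file` follows the closing `+}`), and its key order (`data_type`, `data_format`, `data_version`, then `CVE_data_meta` with `ID` before `ASSIGNER`) differs from other records rewritten in this commit, such as CVE-2013-5271, which keep `CVE_data_meta` first with `ASSIGNER` before `ID`. Key order carries no meaning in JSON, but two layouts in one sync make textual diffs and any byte-level change detection on these records noisier than needed. Emitting every record through one serializer with a fixed key order and a trailing newline would avoid that. The CVE-2013-1660 and CVE-2013-5064 hunks have the same layout.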
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1084", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the GetFle method in the umaninv service in Novell ZENworks Configuration Management (ZCM) 11.2.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the Filename parameter in a GetFile action to zenworks-unmaninv/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-1084", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.novell.com/support/kb/doc.php?id=7012027", - "refsource" : "CONFIRM", - "url" : "http://www.novell.com/support/kb/doc.php?id=7012027" - }, - { - "name" : "http://www.novell.com/support/kb/doc.php?id=7012760", - "refsource" : "CONFIRM", - "url" : "http://www.novell.com/support/kb/doc.php?id=7012760" - }, - { - "name" : "55450", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55450" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the GetFle method in the umaninv 
service in Novell ZENworks Configuration Management (ZCM) 11.2.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the Filename parameter in a GetFile action to zenworks-unmaninv/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.novell.com/support/kb/doc.php?id=7012760", + "refsource": "CONFIRM", + "url": "http://www.novell.com/support/kb/doc.php?id=7012760" + }, + { + "name": "http://www.novell.com/support/kb/doc.php?id=7012027", + "refsource": "CONFIRM", + "url": "http://www.novell.com/support/kb/doc.php?id=7012027" + }, + { + "name": "55450", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55450" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1660.json b/2013/1xxx/CVE-2013-1660.json index 33502908ed6..0a7b328ab63 100644 --- a/2013/1xxx/CVE-2013-1660.json +++ b/2013/1xxx/CVE-2013-1660.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2013-1660",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2013-1660",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2013/5xxx/CVE-2013-5064.json b/2013/5xxx/CVE-2013-5064.json
index f094018f7e7..1ca13e0f0c8 100644
--- a/2013/5xxx/CVE-2013-5064.json
+++ b/2013/5xxx/CVE-2013-5064.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2013-5064",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2013-5064",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2013/5xxx/CVE-2013-5271.json b/2013/5xxx/CVE-2013-5271.json
index 23dcbb5b822..d489897f73b 100644
--- a/2013/5xxx/CVE-2013-5271.json
+++ b/2013/5xxx/CVE-2013-5271.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2013-5271",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2013-5271",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2013/5xxx/CVE-2013-5415.json b/2013/5xxx/CVE-2013-5415.json
index c259b70304d..58a66c61007 100644
--- a/2013/5xxx/CVE-2013-5415.json
+++ b/2013/5xxx/CVE-2013-5415.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5415", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in IBM Rational ClearCase through 7.1.2.12, 8.0.0.x before 8.0.0.9, and 8.0.1.x before 8.0.1.2 allows local users to gain privileges via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-5415", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21657982", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21657982" - }, - { - "name" : "ibm-rational-cve20135415-bo(87477)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/87477" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in IBM Rational ClearCase through 7.1.2.12, 8.0.0.x before 8.0.0.9, and 8.0.1.x before 8.0.1.2 allows local users to gain privileges via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21657982", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21657982" + }, + { + "name": "ibm-rational-cve20135415-bo(87477)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87477" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5597.json b/2013/5xxx/CVE-2013-5597.json index 27c87cf414e..4c2fb21a691 100644 --- a/2013/5xxx/CVE-2013-5597.json +++ b/2013/5xxx/CVE-2013-5597.json 
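Review bot: The `ASSIGNER` value changes from `cve@mitre.org` to `psirt@us.ibm.com` inside what is otherwise a whitespace and indentation rewrite of the whole record, so the one semantic change is easy to miss in review. Consumers that attribute or filter records by assigner will see this entry move to a different CNA, and nothing in the hunk explains why. Splitting the formatting pass from data changes, or listing the reassigned IDs in the description, would make the change auditable. The hunks for CVE-2013-5597, CVE-2014-2366, CVE-2014-2368 and CVE-2014-2975 change `ASSIGNER` in the same way.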
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5597", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in the nsDocLoader::doStopDocumentLoad function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving a state-change event during an update of the offline cache." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2013-5597", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2013/mfsa2013-98.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2013/mfsa2013-98.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=918864", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=918864" - }, - { - "name" : "DSA-2788", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2788" - }, - { - "name" : "DSA-2797", - 
"refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2797" - }, - { - "name" : "GLSA-201504-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201504-01" - }, - { - "name" : "RHSA-2013:1476", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1476.html" - }, - { - "name" : "RHSA-2013:1480", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1480.html" - }, - { - "name" : "openSUSE-SU-2013:1634", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00006.html" - }, - { - "name" : "SUSE-SU-2013:1678", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00014.html" - }, - { - "name" : "openSUSE-SU-2013:1633", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html" - }, - { - "name" : "oval:org.mitre.oval:def:19277", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19277" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in the nsDocLoader::doStopDocumentLoad function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving a state-change event during an update of the offline cache." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.mozilla.org/security/announce/2013/mfsa2013-98.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-98.html" + }, + { + "name": "openSUSE-SU-2013:1633", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=918864", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=918864" + }, + { + "name": "GLSA-201504-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201504-01" + }, + { + "name": "RHSA-2013:1480", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1480.html" + }, + { + "name": "RHSA-2013:1476", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1476.html" + }, + { + "name": "openSUSE-SU-2013:1634", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00006.html" + }, + { + "name": "oval:org.mitre.oval:def:19277", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19277" + }, + { + "name": "DSA-2788", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2788" + }, + { + "name": "SUSE-SU-2013:1678", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00014.html" + }, + { + "name": "DSA-2797", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2797" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5758.json b/2013/5xxx/CVE-2013-5758.json index 8df82e4e57f..ca3a3d45e25 100644 --- a/2013/5xxx/CVE-2013-5758.json +++ b/2013/5xxx/CVE-2013-5758.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5758", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "cgi-bin/cgiServer.exx in Yealink VoIP Phone SIP-T38G allows remote authenticated users to execute arbitrary commands by calling the system method in the body of a request, as demonstrated by running unauthorized services, changing directory permissions, and modifying files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5758", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "33741", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/33741" - }, - { - "name" : "33742", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/33742" - }, - { - "name" : "http://packetstormsecurity.com/files/127093/Yealink-VoIP-Phone-SIP-T38G-Privilege-Escalation.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/127093/Yealink-VoIP-Phone-SIP-T38G-Privilege-Escalation.html" - }, - { - "name" : "http://packetstormsecurity.com/files/127096/Yealink-VoIP-Phone-SIP-T38G-Remote-Command-Execution.html", - "refsource" : "MISC", - "url" : 
"http://packetstormsecurity.com/files/127096/Yealink-VoIP-Phone-SIP-T38G-Remote-Command-Execution.html" - }, - { - "name" : "108080", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/108080" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "cgi-bin/cgiServer.exx in Yealink VoIP Phone SIP-T38G allows remote authenticated users to execute arbitrary commands by calling the system method in the body of a request, as demonstrated by running unauthorized services, changing directory permissions, and modifying files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "108080", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/108080" + }, + { + "name": "http://packetstormsecurity.com/files/127096/Yealink-VoIP-Phone-SIP-T38G-Remote-Command-Execution.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/127096/Yealink-VoIP-Phone-SIP-T38G-Remote-Command-Execution.html" + }, + { + "name": "http://packetstormsecurity.com/files/127093/Yealink-VoIP-Phone-SIP-T38G-Privilege-Escalation.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/127093/Yealink-VoIP-Phone-SIP-T38G-Privilege-Escalation.html" + }, + { + "name": "33741", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/33741" + }, + { + "name": "33742", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/33742" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2366.json b/2014/2xxx/CVE-2014-2366.json index 923fad3f29a..01a62c91fdf 100644 --- a/2014/2xxx/CVE-2014-2366.json +++ b/2014/2xxx/CVE-2014-2366.json 
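Review bot: The five `reference_data` entries on the new side are the same ones as before, only in a different order (the OSVDB entry moves from last to first and the EXPLOIT-DB entries from first to last), which suggests the export does not emit references in a stable order. Array order is significant in JSON, so every future sync can reshuffle these lists and produce diffs with no real content change, hiding the additions and removals that matter to anyone tracking advisories. Sorting the entries by a fixed key, for example `refsource` then `name`, before serialising would keep later diffs to real changes. The CVE-2013-1084 and CVE-2014-2839 hunks show the same reordering.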
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2366", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "upAdminPg.asp in Advantech WebAccess before 7.2 allows remote authenticated users to discover credentials by reading HTML source code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2014-2366", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-198-02", - "refsource" : "MISC", - "url" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-198-02" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "upAdminPg.asp in Advantech WebAccess before 7.2 allows remote authenticated users to discover credentials by reading HTML source code." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-198-02", + "refsource": "MISC", + "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-198-02" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2368.json b/2014/2xxx/CVE-2014-2368.json index ad083eda206..132db2232b7 100644 --- a/2014/2xxx/CVE-2014-2368.json +++ b/2014/2xxx/CVE-2014-2368.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2368", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The BrowseFolder method in the bwocxrun ActiveX control in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a crafted call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2014-2368", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-198-02", - "refsource" : "MISC", - "url" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-198-02" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The BrowseFolder method in the bwocxrun ActiveX control in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a crafted call." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-198-02", + "refsource": "MISC", + "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-198-02" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2839.json b/2014/2xxx/CVE-2014-2839.json index 8ff7b043748..0d569a3d4cc 100644 --- a/2014/2xxx/CVE-2014-2839.json +++ b/2014/2xxx/CVE-2014-2839.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2839", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the GD Star Rating plugin 19.22 for WordPress allows remote administrators to execute arbitrary SQL commands via the s parameter in the gd-star-rating-stats page to wp-admin/admin.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2839", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140328 XSS, CSRF and blind SQL injection in GD Star Rating 1.9.22 (WordPress plugin)", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Mar/399" - }, - { - "name" : "https://advisories.dxw.com/advisories/csrf-and-blind-sql-injection-in-gd-star-rating-1-9-22/", - "refsource" : "MISC", - "url" : "https://advisories.dxw.com/advisories/csrf-and-blind-sql-injection-in-gd-star-rating-1-9-22/" - }, - { - "name" : "gdstart-wordpress-sql-injection(92156)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/92156" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the GD Star Rating plugin 19.22 for WordPress allows remote administrators to execute arbitrary SQL commands via the s parameter in the gd-star-rating-stats page to wp-admin/admin.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://advisories.dxw.com/advisories/csrf-and-blind-sql-injection-in-gd-star-rating-1-9-22/", + "refsource": "MISC", + "url": "https://advisories.dxw.com/advisories/csrf-and-blind-sql-injection-in-gd-star-rating-1-9-22/" + }, + { + "name": "gdstart-wordpress-sql-injection(92156)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92156" + }, + { + "name": "20140328 XSS, CSRF and blind SQL injection in GD Star Rating 1.9.22 (WordPress plugin)", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Mar/399" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2863.json b/2014/2xxx/CVE-2014-2863.json index 27218ecbbf9..0a4bb1057e3 100644 --- a/2014/2xxx/CVE-2014-2863.json +++ b/2014/2xxx/CVE-2014-2863.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2863", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple absolute path traversal vulnerabilities in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allow remote attackers to have an unspecified impact via a full pathname in a parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2863", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#437385", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/437385" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple absolute path traversal vulnerabilities in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allow remote attackers to have an unspecified impact via a full pathname in a parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#437385", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/437385" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2876.json b/2014/2xxx/CVE-2014-2876.json index aaf6685e22a..0be1caa00d6 100644 --- a/2014/2xxx/CVE-2014-2876.json +++ b/2014/2xxx/CVE-2014-2876.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2876", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2876", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2975.json b/2014/2xxx/CVE-2014-2975.json index dabade00cea..0f755964a3d 100644 --- a/2014/2xxx/CVE-2014-2975.json +++ b/2014/2xxx/CVE-2014-2975.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2975", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in php/user_account.php in Silver Peak VX before 6.2.4 allows remote attackers to inject arbitrary web script or HTML via the user_id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-2975", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#867980", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/867980" - }, - { - "name" : "68923", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68923" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in php/user_account.php in Silver Peak VX before 6.2.4 allows remote attackers to inject arbitrary web script or HTML via the user_id parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#867980", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/867980" + }, + { + "name": "68923", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68923" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6342.json b/2014/6xxx/CVE-2014-6342.json index a06958003ef..030296b6b9e 100644 --- a/2014/6xxx/CVE-2014-6342.json +++ b/2014/6xxx/CVE-2014-6342.json 
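Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `cve@mitre.org` to `cert@cert.org` here, inside a hunk that is otherwise a whitespace-only reformat, and the commit message ("-Synchronized-Data.") does not mention it. The same kind of silent reassignment appears in the hunks for CVE-2014-6342 (`secure@microsoft.com`), CVE-2014-6596 (`secalert_us@oracle.com`), CVE-2014-6771 (`cert@cert.org`), and CVE-2017-0407 and CVE-2017-0812 (`security@google.com` to `security@android.com`). Consumers that attribute records to a CNA by this field will see provenance change with no audit trail. The reassignments would be easier to verify if they were committed separately from the formatting churn, or at least listed in the commit description.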
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6342", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-6348." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-6342", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS14-065", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-065" - }, - { - "name" : "70341", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70341" - }, - { - "name" : "1031185", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031185" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web 
site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-6348." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1031185", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031185" + }, + { + "name": "MS14-065", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-065" + }, + { + "name": "70341", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70341" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6596.json b/2014/6xxx/CVE-2014-6596.json index 157d9522a49..2c8f22326d5 100644 --- a/2014/6xxx/CVE-2014-6596.json +++ b/2014/6xxx/CVE-2014-6596.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6596", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect integrity via unknown vectors related to Portal Framework." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-6596", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" - }, - { - "name" : "1031578", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031578" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect integrity via unknown vectors related to Portal Framework." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" + }, + { + "name": "1031578", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031578" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6771.json b/2014/6xxx/CVE-2014-6771.json index 045828280d4..a4b0de3b4e3 100644 --- a/2014/6xxx/CVE-2014-6771.json +++ b/2014/6xxx/CVE-2014-6771.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6771", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The United Heritage Mobile (aka Fi_Mobile.UHCU) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6771", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#853361", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/853361" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The United Heritage Mobile (aka Fi_Mobile.UHCU) 
application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#853361", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/853361" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0288.json b/2017/0xxx/CVE-2017-0288.json index f087b2b361d..523a7983153 100644 --- a/2017/0xxx/CVE-2017-0288.json +++ b/2017/0xxx/CVE-2017-0288.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-0288", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka \"Windows Graphics Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-0286, CVE-2017-0287, CVE-2017-0289, CVE-2017-8531, CVE-2017-8532, and CVE-2017-8533." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-0288", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "42241", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42241/" - }, - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0288", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0288" - }, - { - "name" : "98923", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98923" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka \"Windows Graphics Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-0286, CVE-2017-0287, CVE-2017-0289, CVE-2017-8531, CVE-2017-8532, and CVE-2017-8533." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "42241", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42241/" + }, + { + "name": "98923", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98923" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0288", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0288" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0407.json b/2017/0xxx/CVE-2017-0407.json index 9b851f383bd..d36c653db90 100644 --- a/2017/0xxx/CVE-2017-0407.json +++ b/2017/0xxx/CVE-2017-0407.json 
@@ -1,81 +1,81 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-0407", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android-6.0" - }, - { - "version_value" : "Android-6.0.1" - }, - { - "version_value" : "Android-7.0" - }, - { - "version_value" : "Android-7.1.1" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. This affects the libhevc library. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32873375." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote code execution" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2017-0407", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-6.0" + }, + { + "version_value": "Android-6.0.1" + }, + { + "version_value": "Android-7.0" + }, + { + "version_value": "Android-7.1.1" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-02-01.html", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-02-01.html" - }, - { - "name" : "96046", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96046" - }, - { - "name" : "1037798", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037798" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. This affects the libhevc library. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32873375." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1037798", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037798" + }, + { + "name": "96046", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96046" + }, + { + "name": "https://source.android.com/security/bulletin/2017-02-01.html", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-02-01.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0812.json b/2017/0xxx/CVE-2017-0812.json index 8de17c9f00d..a344df03723 100644 --- a/2017/0xxx/CVE-2017-0812.json +++ b/2017/0xxx/CVE-2017-0812.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2017-10-02T00:00:00", - "ID" : "CVE-2017-0812", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "7.0" - }, - { - "version_value" : "7.1.1" - }, - { - "version_value" : "7.1.2" - }, - { - "version_value" : "8.0" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in the Android media framework (audio hal). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62873231." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2017-10-02T00:00:00", + "ID": "CVE-2017-0812", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "7.0" + }, + { + "version_value": "7.1.1" + }, + { + "version_value": "7.1.2" + }, + { + "version_value": "8.0" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://android.googlesource.com/device/google/dragon/+/7df7ec13b1d222ac3a66797fbe432605ea8f973f", - "refsource" : "CONFIRM", - "url" : "https://android.googlesource.com/device/google/dragon/+/7df7ec13b1d222ac3a66797fbe432605ea8f973f" - }, - { - "name" : "https://source.android.com/security/bulletin/2017-10-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-10-01" - }, - { - "name" : "101088", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101088" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in the Android media framework (audio hal). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62873231." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://android.googlesource.com/device/google/dragon/+/7df7ec13b1d222ac3a66797fbe432605ea8f973f", + "refsource": "CONFIRM", + "url": "https://android.googlesource.com/device/google/dragon/+/7df7ec13b1d222ac3a66797fbe432605ea8f973f" + }, + { + "name": "https://source.android.com/security/bulletin/2017-10-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-10-01" + }, + { + "name": "101088", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101088" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000153.json b/2017/1000xxx/CVE-2017-1000153.json index a4f1e5cda68..8a66ad04f24 100644 --- a/2017/1000xxx/CVE-2017-1000153.json +++ b/2017/1000xxx/CVE-2017-1000153.json 
@@ -1,64 +1,64 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-08-22T17:29:33.364092", - "ID" : "CVE-2017-1000153", - "REQUESTER" : "info@mahara.org", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Mahara", - "version" : { - "version_data" : [ - { - "version_value" : "<15.04.10, <15.10.6, <16.04.4" - } - ] - } - } - ] - }, - "vendor_name" : "Mahara" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mahara 15.04 before 15.04.10 and 15.10 before 15.10.6 and 16.04 before 16.04.4 are vulnerable to incorrect access control after the password reset link is sent via email and then user changes default email, Mahara fails to invalidate old link.Consequently the link in email can be used to gain access to the user's account." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Incorrect Access Control" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-08-22T17:29:33.364092", + "ID": "CVE-2017-1000153", + "REQUESTER": "info@mahara.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.launchpad.net/mahara/+bug/1577251", - "refsource" : "MISC", - "url" : "https://bugs.launchpad.net/mahara/+bug/1577251" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mahara 15.04 before 15.04.10 and 15.10 before 15.10.6 and 16.04 before 16.04.4 are vulnerable to incorrect access control after the password reset link is sent via email and then user changes default email, Mahara fails to invalidate old link.Consequently the link in email can be used to gain access to the user's account." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.launchpad.net/mahara/+bug/1577251", + "refsource": "MISC", + "url": "https://bugs.launchpad.net/mahara/+bug/1577251" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000377.json b/2017/1000xxx/CVE-2017-1000377.json index 364c9fa6f31..0af6fd04f3d 100644 --- a/2017/1000xxx/CVE-2017-1000377.json +++ b/2017/1000xxx/CVE-2017-1000377.json 
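Review bot: This hunk replaces populated structured fields with `"n/a"` while the description still names the product and its fixed versions, so the record now contradicts itself and loses machine-readable data. The old side carried `"product_name" : "Mahara"`, `"vendor_name" : "Mahara"` and `"version_value" : "<15.04.10, <15.10.6, <16.04.4"`, plus a problemtype of "Incorrect Access Control". Inventory and scanner tooling that matches on `affects` or `problemtype` rather than on free text will stop associating this CVE with Mahara. The hunk for CVE-2017-1000377 does the same thing (PAX / Grsecurity and its problemtype text become `"n/a"`), and both also move `ASSIGNER` from `cve-assign@distributedweaknessfiling.org` to `cve@mitre.org`. If the sync source really lacks these values, it would be safer to keep the existing ones than to overwrite them with placeholders.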
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "ID" : "CVE-2017-1000377", - "REQUESTER" : "qsa@qualys.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "PAX", - "version" : { - "version_data" : [ - { - "version_value" : "unknown" - } - ] - } - } - ] - }, - "vendor_name" : "Grsecurity" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in the size of the default stack guard page on PAX Linux (originally from GRSecurity but shipped by other Linux vendors), specifically the default stack guard page is not sufficiently large and can be \"jumped\" over (the stack guard page is bypassed), this affects PAX Linux Kernel versions as of June 19, 2017 (specific version information is not available at this time)." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "A specific CWE doesn't exist, listing as unknown for now" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1000377", + "REQUESTER": "qsa@qualys.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt", - "refsource" : "MISC", - "url" : "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt" - }, - { - "name" : "https://access.redhat.com/security/cve/CVE-2017-1000377", - "refsource" : "CONFIRM", - "url" : "https://access.redhat.com/security/cve/CVE-2017-1000377" - }, - { - "name" : "99129", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99129" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in the size of the default stack guard page on PAX Linux (originally from GRSecurity but shipped by other Linux vendors), specifically the default stack guard page is not sufficiently large and can be \"jumped\" over (the stack guard page is bypassed), this affects PAX Linux Kernel versions as of June 19, 2017 (specific version information is not available at this time)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt", + "refsource": "MISC", + "url": "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt" + }, + { + "name": "https://access.redhat.com/security/cve/CVE-2017-1000377", + "refsource": "CONFIRM", + "url": "https://access.redhat.com/security/cve/CVE-2017-1000377" + }, + { + "name": "99129", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99129" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18220.json b/2017/18xxx/CVE-2017-18220.json index 8c515fd2d29..cc649144450 100644 --- a/2017/18xxx/CVE-2017-18220.json +++ b/2017/18xxx/CVE-2017-18220.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-18220", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ReadOneJNGImage and ReadJNGImage functions in coders/png.c in GraphicsMagick 1.3.26 allow remote attackers to cause a denial of service (magick/blob.c CloseBlob use-after-free) or possibly have unspecified other impact via a crafted file, a related issue to CVE-2017-11403." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-18220", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180328 [SECURITY] [DLA 1322-1] graphicsmagick security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/03/msg00025.html" - }, - { - "name" : "[debian-lts-announce] 20180803 [SECURITY] [DLA 1456-1] graphicsmagick security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html" - }, - { - "name" : "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/98721124e51f", - "refsource" : "CONFIRM", - "url" : "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/98721124e51f" - }, - { - "name" : 
"https://sourceforge.net/p/graphicsmagick/bugs/438/", - "refsource" : "CONFIRM", - "url" : "https://sourceforge.net/p/graphicsmagick/bugs/438/" - }, - { - "name" : "DSA-4321", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4321" - }, - { - "name" : "103276", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103276" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ReadOneJNGImage and ReadJNGImage functions in coders/png.c in GraphicsMagick 1.3.26 allow remote attackers to cause a denial of service (magick/blob.c CloseBlob use-after-free) or possibly have unspecified other impact via a crafted file, a related issue to CVE-2017-11403." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://sourceforge.net/p/graphicsmagick/bugs/438/", + "refsource": "CONFIRM", + "url": "https://sourceforge.net/p/graphicsmagick/bugs/438/" + }, + { + "name": "[debian-lts-announce] 20180328 [SECURITY] [DLA 1322-1] graphicsmagick security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00025.html" + }, + { + "name": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/98721124e51f", + "refsource": "CONFIRM", + "url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/98721124e51f" + }, + { + "name": "DSA-4321", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4321" + }, + { + "name": "103276", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103276" + }, + { + "name": "[debian-lts-announce] 20180803 [SECURITY] [DLA 1456-1] graphicsmagick security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html" + } + ] + } +} \ No 
newline at end of file diff --git a/2017/1xxx/CVE-2017-1067.json b/2017/1xxx/CVE-2017-1067.json index 897e454f9f8..d8a48890828 100644 --- a/2017/1xxx/CVE-2017-1067.json +++ b/2017/1xxx/CVE-2017-1067.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1067", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1067", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1680.json b/2017/1xxx/CVE-2017-1680.json index fe1451f3565..14044366b1b 100644 --- a/2017/1xxx/CVE-2017-1680.json +++ b/2017/1xxx/CVE-2017-1680.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1680", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1680", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1980.json b/2017/1xxx/CVE-2017-1980.json index 3bf9626c1da..27e4178ba24 100644 --- a/2017/1xxx/CVE-2017-1980.json +++ b/2017/1xxx/CVE-2017-1980.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1980", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-1980", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4161.json b/2017/4xxx/CVE-2017-4161.json index 45311184e2f..065b3ec305a 100644 --- a/2017/4xxx/CVE-2017-4161.json +++ b/2017/4xxx/CVE-2017-4161.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4161", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4161", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4765.json b/2017/4xxx/CVE-2017-4765.json index 85fdc3ba955..7c2bbd678ff 100644 --- a/2017/4xxx/CVE-2017-4765.json +++ b/2017/4xxx/CVE-2017-4765.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4765", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4765", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4851.json b/2017/4xxx/CVE-2017-4851.json index 1734d064068..935a63509a8 100644 --- a/2017/4xxx/CVE-2017-4851.json +++ b/2017/4xxx/CVE-2017-4851.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4851", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4851", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4901.json b/2017/4xxx/CVE-2017-4901.json index e20ec10091b..41a93b88b0e 100644 --- a/2017/4xxx/CVE-2017-4901.json +++ b/2017/4xxx/CVE-2017-4901.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@vmware.com", - "ID" : "CVE-2017-4901", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Workstation Pro/Player", - "version" : { - "version_data" : [ - { - "version_value" : "12.x prior to 12.5.4" - } - ] - } - }, - { - "product_name" : "Fusion Pro / Fusion", - "version" : { - "version_data" : [ - { - "version_value" : "8.x prior to 8.5.5." - } - ] - } - } - ] - }, - "vendor_name" : "VMware" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The drag-and-drop (DnD) function in VMware Workstation 12.x before version 12.5.4 and Fusion 8.x before version 8.5.5 has an out-of-bounds memory access vulnerability. This may allow a guest to execute code on the operating system that runs Workstation or Fusion." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote code execution" - } + "CVE_data_meta": { + "ASSIGNER": "security@vmware.com", + "ID": "CVE-2017-4901", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Workstation Pro/Player", + "version": { + "version_data": [ + { + "version_value": "12.x prior to 12.5.4" + } + ] + } + }, + { + "product_name": "Fusion Pro / Fusion", + "version": { + "version_data": [ + { + "version_value": "8.x prior to 8.5.5." 
+ } + ] + } + } + ] + }, + "vendor_name": "VMware" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.vmware.com/security/advisories/VMSA-2017-0005.html", - "refsource" : "CONFIRM", - "url" : "https://www.vmware.com/security/advisories/VMSA-2017-0005.html" - }, - { - "name" : "96881", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96881" - }, - { - "name" : "1038025", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038025" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The drag-and-drop (DnD) function in VMware Workstation 12.x before version 12.5.4 and Fusion 8.x before version 8.5.5 has an out-of-bounds memory access vulnerability. This may allow a guest to execute code on the operating system that runs Workstation or Fusion." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.vmware.com/security/advisories/VMSA-2017-0005.html", + "refsource": "CONFIRM", + "url": "https://www.vmware.com/security/advisories/VMSA-2017-0005.html" + }, + { + "name": "1038025", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038025" + }, + { + "name": "96881", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96881" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5263.json b/2017/5xxx/CVE-2017-5263.json index 50e7ac015f4..eec490cd8e1 100644 --- a/2017/5xxx/CVE-2017-5263.json +++ b/2017/5xxx/CVE-2017-5263.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@rapid7.com", - "ID" : "CVE-2017-5263", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "cnPilot", - "version" : { - "version_data" : [ - { - "version_value" : "4.3.2-R4 and prior" - } - ] - } - } - ] - }, - "vendor_name" : "Cambium Networks" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware lack CSRF controls that can mitigate the effects of CSRF attacks, which are most typically implemented as randomized per-session tokens associated with any web application function, especially destructive ones." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-352 (Cross-Site Request Forgery (CSRF))" - } + "CVE_data_meta": { + "ASSIGNER": "cve@rapid7.com", + "ID": "CVE-2017-5263", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "cnPilot", + "version": { + "version_data": [ + { + "version_value": "4.3.2-R4 and prior" + } + ] + } + } + ] + }, + "vendor_name": "Cambium Networks" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blog.rapid7.com/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-vulnerabilities/", - "refsource" : "MISC", - "url" : "https://blog.rapid7.com/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-vulnerabilities/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware lack CSRF controls that can mitigate the effects of CSRF attacks, which are 
most typically implemented as randomized per-session tokens associated with any web application function, especially destructive ones." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 (Cross-Site Request Forgery (CSRF))" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blog.rapid7.com/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-vulnerabilities/", + "refsource": "MISC", + "url": "https://blog.rapid7.com/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-vulnerabilities/" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5307.json b/2017/5xxx/CVE-2017-5307.json index 82c0ad403e4..dd0b3651a75 100644 --- a/2017/5xxx/CVE-2017-5307.json +++ b/2017/5xxx/CVE-2017-5307.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5307", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5307", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file