diff --git a/2006/2xxx/CVE-2006-2072.json b/2006/2xxx/CVE-2006-2072.json index 5507eba8b76..0d0b5d6306f 100644 --- a/2006/2xxx/CVE-2006-2072.json +++ b/2006/2xxx/CVE-2006-2072.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2072", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in DeleGate 9.x before 9.0.6 and 8.x before 8.11.6 allow remote attackers to cause a denial of service via crafted DNS responses messages that cause (1) a buffer over-read or (2) infinite recursion, which can trigger a segmentation fault or invalid memory access, as demonstrated by the OUSPG PROTOS DNS test suite." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2072", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.niscc.gov.uk/niscc/docs/re-20060425-00312.pdf?lang=en", - "refsource" : "MISC", - "url" : "http://www.niscc.gov.uk/niscc/docs/re-20060425-00312.pdf?lang=en" - }, - { - "name" : "http://www.niscc.gov.uk/niscc/docs/br-20060425-00311.html?lang=en", - "refsource" : "MISC", - "url" : "http://www.niscc.gov.uk/niscc/docs/br-20060425-00311.html?lang=en" - }, - { - "name" : "VU#955777", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/955777" - }, - { - "name" : "17691", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17691" - }, - { - "name" : "ADV-2006-1505", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1505" - }, - { - "name" : "ADV-2006-1506", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1506" - }, - { - "name" : "1015991", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015991" - }, - { - "name" : "19750", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19750" - }, - { - "name" : "dns-improper-request-handling(26081)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26081" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in DeleGate 9.x before 9.0.6 and 8.x before 8.11.6 allow remote attackers to cause a denial of service via crafted DNS responses messages that cause (1) a buffer over-read or (2) infinite recursion, which can trigger a segmentation fault or invalid memory access, as demonstrated by the OUSPG PROTOS DNS test suite." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "dns-improper-request-handling(26081)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26081" + }, + { + "name": "VU#955777", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/955777" + }, + { + "name": "1015991", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015991" + }, + { + "name": "19750", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19750" + }, + { + "name": "ADV-2006-1505", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1505" + }, + { + "name": "ADV-2006-1506", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1506" + }, + { + "name": "17691", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17691" + }, + { + "name": "http://www.niscc.gov.uk/niscc/docs/re-20060425-00312.pdf?lang=en", + "refsource": "MISC", + "url": "http://www.niscc.gov.uk/niscc/docs/re-20060425-00312.pdf?lang=en" + }, + { + "name": "http://www.niscc.gov.uk/niscc/docs/br-20060425-00311.html?lang=en", + "refsource": "MISC", + "url": "http://www.niscc.gov.uk/niscc/docs/br-20060425-00311.html?lang=en" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2129.json b/2006/2xxx/CVE-2006-2129.json index 6e6e07ba38d..7e3d1c4c6cf 100644 --- a/2006/2xxx/CVE-2006-2129.json +++ b/2006/2xxx/CVE-2006-2129.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2129", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Direct static code injection vulnerability in Pro Publish 2.0 allows remote authenticated administrators to execute arbitrary PHP code by editing certain settings, which are stored in set_inc.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2129", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://evuln.com/vulns/130/summary.html", - "refsource" : "MISC", - "url" : "http://evuln.com/vulns/130/summary.html" - }, - { - "name" : "17762", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17762" - }, - { - "name" : "ADV-2006-1578", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1578" - }, - { - "name" : "25128", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25128" - }, - { - "name" : "19882", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19882" - }, - { - "name" : "propublish-setinc-file-include(26149)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26149" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Direct static code injection vulnerability in Pro Publish 2.0 allows remote authenticated administrators to execute arbitrary PHP code by editing certain settings, which are stored in set_inc.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19882", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19882" + }, + { + "name": "ADV-2006-1578", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1578" + }, + { + "name": "17762", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17762" + }, + { + "name": "25128", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25128" + }, + { + "name": "propublish-setinc-file-include(26149)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26149" + }, + { + "name": "http://evuln.com/vulns/130/summary.html", + "refsource": "MISC", + "url": "http://evuln.com/vulns/130/summary.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2318.json b/2006/2xxx/CVE-2006-2318.json index c94975be822..f862fe4d3dc 100644 --- a/2006/2xxx/CVE-2006-2318.json +++ b/2006/2xxx/CVE-2006-2318.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2318", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Incomplete blacklist vulnerability in Ideal Science Ideal BB 1.5.4a and earlier allows remote attackers to upload and execute an ASP script via a \".asa\" file, which bypasses the check for the \".asp\" extension but is executable on the server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2318", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060508 Multiple Vulnerabilities In IdealBB ASP Bulletin Board", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/433248/100/0/threaded" - }, - { - "name" : "20060508 Multiple Vulnerabilities In IdealBB ASP Bulletin Board", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/045887.html" - }, - { - "name" : "http://www.idealscience.com/ibb/posts.aspx?postID=24415", - "refsource" : "MISC", - "url" : "http://www.idealscience.com/ibb/posts.aspx?postID=24415" - }, - { - "name" : "17920", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17920" - }, - { - "name" : "ADV-2006-1729", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1729" - }, - { - "name" : "25456", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25456" - }, - { - "name" : "20035", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20035" - }, - { - "name" : "871", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/871" - }, - { - "name" : "idealbb-asp-file-upload(26353)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26353" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Incomplete blacklist vulnerability in Ideal Science Ideal BB 1.5.4a and earlier allows remote attackers to upload and execute an ASP script via a \".asa\" file, which bypasses the check for the \".asp\" extension but is executable on the server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "25456", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25456" + }, + { + "name": "20035", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20035" + }, + { + "name": "20060508 Multiple Vulnerabilities In IdealBB ASP Bulletin Board", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/045887.html" + }, + { + "name": "ADV-2006-1729", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1729" + }, + { + "name": "20060508 Multiple Vulnerabilities In IdealBB ASP Bulletin Board", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/433248/100/0/threaded" + }, + { + "name": "17920", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17920" + }, + { + "name": "idealbb-asp-file-upload(26353)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26353" + }, + { + "name": "871", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/871" + }, + { + "name": "http://www.idealscience.com/ibb/posts.aspx?postID=24415", + "refsource": "MISC", + "url": "http://www.idealscience.com/ibb/posts.aspx?postID=24415" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2649.json b/2006/2xxx/CVE-2006-2649.json index 73c9249c46f..f38af84bd78 100644 --- a/2006/2xxx/CVE-2006-2649.json +++ b/2006/2xxx/CVE-2006-2649.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2649", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in (a) search.php, (b) search_cat.php, (c) search_price.php, and (d) product_details.php in the cosmicshop directory for CosmicShoppingCart allow remote attackers to inject arbitrary web script or HTML via multiple unspecified parameters, as demonstrated by the (1) query parameter in search.php and the (2) data parameter in search_cat.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2649", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060526 ZH2006-20 SA: CosmicShoppingCart Multiple Vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0683.html" - }, - { - "name" : "http://www.zone-h.org/advisories/read/id=9058", - "refsource" : "MISC", - "url" : "http://www.zone-h.org/advisories/read/id=9058" - }, - { - "name" : "18709", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18709" - }, - { - "name" : "ADV-2006-1984", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1984" - }, - { - "name" : "26091", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26091" - }, - { - "name" : "26093", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26093" - }, - { - "name" : "26090", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26090" - }, - { - "name" : "26092", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26092" - }, - { - "name" : "1016164", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016164" - }, - { - "name" : "20272", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20272" - }, - { - "name" : "cosmicshoppingcart-search-xss(26681)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26681" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in (a) search.php, (b) search_cat.php, (c) search_price.php, and (d) product_details.php in the cosmicshop directory for CosmicShoppingCart allow remote attackers to inject arbitrary web script or HTML via multiple unspecified parameters, as demonstrated by the (1) query parameter in search.php and the (2) data parameter in search_cat.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "26092", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26092" + }, + { + "name": "26091", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26091" + }, + { + "name": "18709", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18709" + }, + { + "name": "cosmicshoppingcart-search-xss(26681)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26681" + }, + { + "name": "http://www.zone-h.org/advisories/read/id=9058", + "refsource": "MISC", + "url": "http://www.zone-h.org/advisories/read/id=9058" + }, + { + "name": "1016164", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016164" + }, + { + "name": "20060526 ZH2006-20 SA: CosmicShoppingCart Multiple Vulnerabilities", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0683.html" + }, + { + "name": "20272", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20272" + }, + { + "name": "26093", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26093" + }, + { + "name": "ADV-2006-1984", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1984" + }, + { + "name": "26090", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26090" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2734.json b/2006/2xxx/CVE-2006-2734.json index 9531f433f8c..ddcb5e894e9 100644 --- a/2006/2xxx/CVE-2006-2734.json +++ b/2006/2xxx/CVE-2006-2734.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2734", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "enter.asp in Mini-Nuke 2.3 and earlier makes it easier for remote attackers to conduct password guessing attacks by setting the guvenlik parameter to the same value as the hidden gguvenlik parameter, which bypasses a verification step because the gguvenlik parameter is assumed to be immutable by the attacker." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2734", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060528 Advisory: MiniNuke v2.x Multiple Remote Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/435279/100/0/threaded" - }, - { - "name" : "http://www.nukedx.com/?getxpl=31", - "refsource" : "MISC", - "url" : "http://www.nukedx.com/?getxpl=31" - }, - { - "name" : "http://www.nukedx.com/?viewdoc=31", - "refsource" : "MISC", - "url" : "http://www.nukedx.com/?viewdoc=31" - }, - { - "name" : "1002", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1002" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "enter.asp in Mini-Nuke 2.3 and earlier makes it easier for remote attackers to conduct password guessing attacks by setting the guvenlik parameter to the same value as the hidden gguvenlik parameter, which bypasses a verification step because the gguvenlik parameter is assumed to be immutable by the attacker." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060528 Advisory: MiniNuke v2.x Multiple Remote Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/435279/100/0/threaded" + }, + { + "name": "http://www.nukedx.com/?viewdoc=31", + "refsource": "MISC", + "url": "http://www.nukedx.com/?viewdoc=31" + }, + { + "name": "http://www.nukedx.com/?getxpl=31", + "refsource": "MISC", + "url": "http://www.nukedx.com/?getxpl=31" + }, + { + "name": "1002", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1002" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2881.json b/2006/2xxx/CVE-2006-2881.json index 37048b0d6c5..f7829626c02 100644 --- a/2006/2xxx/CVE-2006-2881.json +++ b/2006/2xxx/CVE-2006-2881.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2881", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in DreamAccount 3.1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the da_path parameter in the (1) auth.cookie.inc.php, (2) auth.header.inc.php, or (3) auth.sessions.inc.php scripts." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2881", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060605 [MajorSecurity #8]DreamAccount <= 3.1 - Remote File Include Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/435991/100/0/threaded" - }, - { - "name" : "20060606 Re: [MajorSecurity #8]DreamAccount <= 3.1 - Remote File Include Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/436134/100/0/threaded" - }, - { - "name" : "http://www.majorsecurity.de/advisory/major_rls8.txt", - "refsource" : "MISC", - "url" : "http://www.majorsecurity.de/advisory/major_rls8.txt" - }, - { - "name" : "1881", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/1881" - }, - { - "name" : "18278", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18278" - }, - { - "name" : "ADV-2006-2152", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2152" - }, - { - "name" : "26168", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26168" - }, - { - "name" : "26169", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26169" - }, - { - "name" : "26170", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26170" - }, - { - "name" : "1016272", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016272" - }, - { - "name" : "20468", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20468" - }, - { - "name" : "1062", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1062" - }, - { - "name" : "dreamaccount-dapath-file-include(26932)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26932" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in DreamAccount 3.1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the da_path parameter in the (1) auth.cookie.inc.php, (2) auth.header.inc.php, or (3) auth.sessions.inc.php scripts." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1062", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1062" + }, + { + "name": "1881", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/1881" + }, + { + "name": "http://www.majorsecurity.de/advisory/major_rls8.txt", + "refsource": "MISC", + "url": "http://www.majorsecurity.de/advisory/major_rls8.txt" + }, + { + "name": "26170", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26170" + }, + { + "name": "1016272", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016272" + }, + { + "name": "dreamaccount-dapath-file-include(26932)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26932" + }, + { + "name": "20468", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20468" + }, + { + "name": "26168", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26168" + }, + { + "name": "18278", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18278" + }, + { + "name": "20060606 Re: [MajorSecurity #8]DreamAccount <= 3.1 - Remote File Include Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/436134/100/0/threaded" + }, + { + "name": "26169", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26169" + }, + { + "name": "ADV-2006-2152", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2152" + }, + { + "name": "20060605 [MajorSecurity #8]DreamAccount <= 3.1 - Remote File Include Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/435991/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3169.json b/2006/3xxx/CVE-2006-3169.json index b3fd3b5eedb..6783b6b8836 100644 --- a/2006/3xxx/CVE-2006-3169.json +++ b/2006/3xxx/CVE-2006-3169.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3169", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in CS-Forum 0.81 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) msg_result and (2) rep_titre parameters in (a) read.php; and the (3) id and (4) parent parameters and (5) CSForum_nom, (6) CSForum_mail, and (7) CSForum_url cookie parameters in (b) ajouter.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3169", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060611 CS-Forum <= 0.81 Cross Site Scripting, SQL Injection, Full Path Disclosure", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/436789/100/0/threaded" - }, - { - "name" : "http://www.acid-root.new.fr/advisories/csforum081.txt", - "refsource" : "MISC", - "url" : "http://www.acid-root.new.fr/advisories/csforum081.txt" - }, - { - "name" : "http://www.comscripts.com/scripts/php.cs-forum.643.html", - "refsource" : "CONFIRM", - "url" : "http://www.comscripts.com/scripts/php.cs-forum.643.html" - }, - { - "name" : "ADV-2006-2314", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2314" - }, - { - "name" : "26379", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26379" - }, - { - "name" : "26380", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26380" - }, - { - "name" : "20534", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20534" - }, - { - "name" : "1124", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1124" - }, - { - "name" : "csforum-read-ajouter-xss(27175)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27175" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in CS-Forum 0.81 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) msg_result and (2) rep_titre parameters in (a) read.php; and the (3) id and (4) parent parameters and (5) CSForum_nom, (6) CSForum_mail, and (7) CSForum_url cookie parameters in (b) ajouter.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.comscripts.com/scripts/php.cs-forum.643.html", + "refsource": "CONFIRM", + "url": "http://www.comscripts.com/scripts/php.cs-forum.643.html" + }, + { + "name": "20534", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20534" + }, + { + "name": "26380", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26380" + }, + { + "name": "ADV-2006-2314", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2314" + }, + { + "name": "20060611 CS-Forum <= 0.81 Cross Site Scripting, SQL Injection, Full Path Disclosure", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/436789/100/0/threaded" + }, + { + "name": "26379", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26379" + }, + { + "name": "http://www.acid-root.new.fr/advisories/csforum081.txt", + "refsource": "MISC", + "url": "http://www.acid-root.new.fr/advisories/csforum081.txt" + }, + { + "name": "1124", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1124" + }, + { + "name": "csforum-read-ajouter-xss(27175)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27175" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3296.json b/2006/3xxx/CVE-2006-3296.json index e0f3c987357..bb40c1264e1 100644 --- a/2006/3xxx/CVE-2006-3296.json +++ b/2006/3xxx/CVE-2006-3296.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3296", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in view.php in Open Guestbook 0.5 allows remote attackers to execute arbitrary SQL commands via the offset parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3296", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060625 OpenGuestbook Cross Site Scripting & SQL Injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/438381/100/0/threaded" - }, - { - "name" : "18666", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18666" - }, - { - "name" : "ADV-2006-2545", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2545" - }, - { - "name" : "20796", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20796" - }, - { - "name" : "1166", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1166" - }, - { - "name" : "open-guestbook-view-sql-injection(27400)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27400" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in view.php in Open Guestbook 0.5 allows remote attackers to execute arbitrary SQL commands via the offset parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "open-guestbook-view-sql-injection(27400)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27400" + }, + { + "name": "ADV-2006-2545", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2545" + }, + { + "name": "20796", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20796" + }, + { + "name": "18666", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18666" + }, + { + "name": "1166", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1166" + }, + { + "name": "20060625 OpenGuestbook Cross Site Scripting & SQL Injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/438381/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3852.json b/2006/3xxx/CVE-2006-3852.json index 6bb8666203e..38699ef05f7 100644 --- a/2006/3xxx/CVE-2006-3852.json +++ b/2006/3xxx/CVE-2006-3852.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3852", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in Micro GuestBook allows remote attackers to execute arbitrary SQL commands via the (1) name or (2) comment (\"text\") fields." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3852", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060721 MicroGuestBook Remote XSS Attack", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/440855/100/0/threaded" - }, - { - "name" : "http://it.security.netsons.org/exploit/MicroGuestBook.txt", - "refsource" : "MISC", - "url" : "http://it.security.netsons.org/exploit/MicroGuestBook.txt" - }, - { - "name" : "19119", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19119" - }, - { - "name" : "ADV-2006-2935", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2935" - }, - { - "name" : "28677", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28677" - }, - { - "name" : "21155", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21155" - }, - { - "name" : "1285", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1285" - }, - { - "name" : "micro-guestbook-add-xss(27911)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27911" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in Micro GuestBook allows remote attackers to execute arbitrary SQL commands via the (1) name or (2) comment (\"text\") fields." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-2935", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2935" + }, + { + "name": "20060721 MicroGuestBook Remote XSS Attack", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/440855/100/0/threaded" + }, + { + "name": "28677", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28677" + }, + { + "name": "19119", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19119" + }, + { + "name": "http://it.security.netsons.org/exploit/MicroGuestBook.txt", + "refsource": "MISC", + "url": "http://it.security.netsons.org/exploit/MicroGuestBook.txt" + }, + { + "name": "21155", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21155" + }, + { + "name": "1285", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1285" + }, + { + "name": "micro-guestbook-add-xss(27911)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27911" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6204.json b/2006/6xxx/CVE-2006-6204.json index cb62d6713c8..247c1dbccc5 100644 --- a/2006/6xxx/CVE-2006-6204.json +++ b/2006/6xxx/CVE-2006-6204.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6204", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Enthrallweb eHomes allow remote attackers to execute arbitrary SQL commands via the (1) cid parameter to (a) dircat.asp; the (2) sid parameter to (b) dirSub.asp; the (3) TYPE_ID parameter to (c) types.asp; the (4) AD_ID parameter to (d) homeDetail.asp; the (5) cat parameter to (e) result.asp; the (6) compare, (7) clear, and (8) adID parameters to (f) compareHomes.asp; and the (9) aminprice, (10) amaxprice, and (11) abedrooms parameters to (g) result.asp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6204", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061120 ehomes [multiples injections sql]", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/452107/100/100/threaded" - }, - { - "name" : "http://s-a-p.ca/index.php?page=OurAdvisories&id=50", - "refsource" : "MISC", - "url" : "http://s-a-p.ca/index.php?page=OurAdvisories&id=50" - }, - { - "name" : "21193", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21193" - }, - { - "name" : "ADV-2006-4643", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4643" - }, - { - "name" : "23016", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23016" - }, - { - "name" : "1942", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1942" - }, - { - "name" : "ehomes-multiple-sql-injection(30419)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30419" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Enthrallweb eHomes allow remote attackers to execute arbitrary SQL commands via the (1) cid parameter to (a) dircat.asp; the (2) sid parameter to (b) dirSub.asp; the (3) TYPE_ID parameter to (c) types.asp; the (4) AD_ID parameter to (d) homeDetail.asp; the (5) cat parameter to (e) result.asp; the (6) compare, (7) clear, and (8) adID parameters to (f) compareHomes.asp; and the (9) aminprice, (10) amaxprice, and (11) abedrooms parameters to (g) result.asp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-4643", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4643" + }, + { + "name": "21193", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21193" + }, + { + "name": "ehomes-multiple-sql-injection(30419)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30419" + }, + { + "name": "23016", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23016" + }, + { + "name": "20061120 ehomes [multiples injections sql]", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/452107/100/100/threaded" + }, + { + "name": "1942", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1942" + }, + { + "name": "http://s-a-p.ca/index.php?page=OurAdvisories&id=50", + "refsource": "MISC", + "url": "http://s-a-p.ca/index.php?page=OurAdvisories&id=50" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6368.json b/2006/6xxx/CVE-2006-6368.json index b59220b945c..132131fdbd0 100644 --- a/2006/6xxx/CVE-2006-6368.json +++ b/2006/6xxx/CVE-2006-6368.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6368", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in login.php.inc in awrate 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the toroot parameter to search.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6368", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2884", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2884" - }, - { - "name" : "20061206 awrate 1.0 search.php RFI - source verify, small wrinkle", - "refsource" : "VIM", - "url" : "http://www.attrition.org/pipermail/vim/2006-December/001166.html" - }, - { - "name" : "21407", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21407" - }, - { - "name" : "ADV-2006-4839", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4839" - }, - { - "name" : "23293", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23293" - }, - { - "name" : "awrate-search-file-include(30708)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30708" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in login.php.inc in awrate 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the toroot parameter to search.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "23293", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23293" + }, + { + "name": "awrate-search-file-include(30708)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30708" + }, + { + "name": "2884", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2884" + }, + { + "name": "ADV-2006-4839", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4839" + }, + { + "name": "20061206 awrate 1.0 search.php RFI - source verify, small wrinkle", + "refsource": "VIM", + "url": "http://www.attrition.org/pipermail/vim/2006-December/001166.html" + }, + { + "name": "21407", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21407" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6653.json b/2006/6xxx/CVE-2006-6653.json index ae0fa59f5d3..de520990bb4 100644 --- a/2006/6xxx/CVE-2006-6653.json +++ b/2006/6xxx/CVE-2006-6653.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6653", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The accept function in NetBSD-current before 20061023, NetBSD 3.0 and 3.0.1 before 20061024, and NetBSD 2.x before 20061029 allows local users to cause a denial of service (socket consumption) via an invalid (1) name or (2) namelen parameter, which may result in the socket never being closed (aka \"a dangling socket\")." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6653", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "NetBSD-SA2006-026", - "refsource" : "NETBSD", - "url" : "ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2006-026.txt.asc" - }, - { - "name" : "1017293", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017293" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The accept function in NetBSD-current before 20061023, NetBSD 3.0 and 3.0.1 before 20061024, and NetBSD 2.x before 20061029 allows local users to cause a denial of service (socket consumption) via an invalid (1) name or (2) namelen parameter, which may result in the socket never being closed (aka \"a dangling socket\")." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1017293", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017293" + }, + { + "name": "NetBSD-SA2006-026", + "refsource": "NETBSD", + "url": "ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2006-026.txt.asc" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6705.json b/2006/6xxx/CVE-2006-6705.json index 4deae48de65..98feb96ffb3 100644 --- a/2006/6xxx/CVE-2006-6705.json +++ b/2006/6xxx/CVE-2006-6705.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6705", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in the template files in Soumu Workflow for Groupmax 01-00 through 01-01, Soumu Workflow 02-00 through 03-03, and Koukyoumuke Soumu Workflow 01-00 through 01-01 allow remote attackers to bypass authentication mechanisms on web pages via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6705", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.hitachi-support.com/security_e/vuls_e/HS06-016_e/01-e.html", - "refsource" : "CONFIRM", - "url" : "http://www.hitachi-support.com/security_e/vuls_e/HS06-016_e/01-e.html" - }, - { - "name" : "ADV-2006-5114", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/5114" - }, - { - "name" : "23399", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23399" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in the template files in Soumu Workflow for Groupmax 01-00 through 01-01, Soumu Workflow 02-00 through 03-03, and Koukyoumuke Soumu Workflow 01-00 through 01-01 allow remote attackers to bypass authentication mechanisms on web pages via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-5114", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/5114" + }, + { + "name": "http://www.hitachi-support.com/security_e/vuls_e/HS06-016_e/01-e.html", + "refsource": "CONFIRM", + "url": "http://www.hitachi-support.com/security_e/vuls_e/HS06-016_e/01-e.html" + }, + { + "name": "23399", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23399" + } + ] + } +} \ No newline at end of file diff --git a/2006/7xxx/CVE-2006-7222.json b/2006/7xxx/CVE-2006-7222.json index d5b5f881960..712b5b953a4 100644 --- a/2006/7xxx/CVE-2006-7222.json +++ b/2006/7xxx/CVE-2006-7222.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-7222", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the CFLICStream::_deltachunk function in FLICSource.cpp in Media Player Classic (MPC) 6.4.9.0 allows user-assisted remote attackers to execute arbitrary code via a crafted FLI file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-7222", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.team509.com/modules.php?name=News&file=article&sid=38", - "refsource" : "MISC", - "url" : "http://www.team509.com/modules.php?name=News&file=article&sid=38" - }, - { - "name" : "25437", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25437" - }, - { - "name" : "26591", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26591" - }, - { - "name" : "mediaplayerclassic-fli-bo(36242)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36242" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the CFLICStream::_deltachunk function in FLICSource.cpp in Media Player Classic (MPC) 6.4.9.0 allows user-assisted remote attackers to execute arbitrary code via a crafted FLI file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "26591", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26591" + }, + { + "name": "http://www.team509.com/modules.php?name=News&file=article&sid=38", + "refsource": "MISC", + "url": "http://www.team509.com/modules.php?name=News&file=article&sid=38" + }, + { + "name": "25437", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25437" + }, + { + "name": "mediaplayerclassic-fli-bo(36242)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36242" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0293.json b/2011/0xxx/CVE-2011-0293.json index 14fff08c01f..e8f071b052e 100644 --- a/2011/0xxx/CVE-2011-0293.json +++ b/2011/0xxx/CVE-2011-0293.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0293", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0293", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0670.json b/2011/0xxx/CVE-2011-0670.json index 5b0562799fa..0006e964f00 100644 --- a/2011/0xxx/CVE-2011-0670.json +++ b/2011/0xxx/CVE-2011-0670.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0670", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other \"Vulnerability Type 1\" CVEs listed in MS11-034, aka \"Win32k Use After Free Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2011-0670", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx", - "refsource" : "MISC", - "url" : "http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx" - }, - { - "name" : "http://support.avaya.com/css/P8/documents/100133352", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100133352" - }, - { - "name" : "MS11-034", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-034" - }, - { - "name" : "TA11-102A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA11-102A.html" - }, - { - "name" : "47205", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47205" - }, - { - "name" : "71744", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/71744" - }, - { - "name" : "oval:org.mitre.oval:def:12337", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12337" - }, - { - "name" : "1025345", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025345" - }, - { - "name" : "44156", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44156" - }, - { - "name" : "ADV-2011-0952", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0952" - }, - { - "name" : "mswin-win32k-var5-priv-escalation(66399)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66399" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other \"Vulnerability Type 1\" CVEs listed in MS11-034, aka \"Win32k Use After Free Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA11-102A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html" + }, + { + "name": "47205", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47205" + }, + { + "name": "MS11-034", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-034" + }, + { + "name": "mswin-win32k-var5-priv-escalation(66399)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66399" + }, + { + "name": "71744", + "refsource": "OSVDB", + "url": "http://osvdb.org/71744" + }, + { + "name": "ADV-2011-0952", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0952" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100133352", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100133352" + }, + { + "name": "44156", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44156" + }, + { + "name": "http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx", + "refsource": "MISC", + "url": "http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx" + }, + { + "name": "1025345", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025345" + }, + { + "name": "oval:org.mitre.oval:def:12337", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12337" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0971.json b/2011/0xxx/CVE-2011-0971.json index ead54ab4f5d..a1ce32df8fd 100644 --- a/2011/0xxx/CVE-2011-0971.json +++ b/2011/0xxx/CVE-2011-0971.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0971", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0971", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1083.json b/2011/1xxx/CVE-2011-1083.json index 206bccc0b6d..7045ec49c24 100644 --- a/2011/1xxx/CVE-2011-1083.json +++ b/2011/1xxx/CVE-2011-1083.json @@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1083", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The epoll implementation in the Linux kernel 2.6.37.2 and earlier does not properly traverse a tree of epoll file descriptors, which allows local users to cause a denial of service (CPU consumption) via a crafted application that makes epoll_create and epoll_ctl system calls." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-1083", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[linux-kernel] 20110225 [PATCH] optimize epoll loop detection", - "refsource" : "MLIST", - "url" : "http://article.gmane.org/gmane.linux.kernel/1105744" - }, - { - "name" : "[linux-kernel] 20110226 Re: [PATCH] optimize epoll loop detection", - "refsource" : "MLIST", - "url" : "http://article.gmane.org/gmane.linux.kernel/1105888" - }, - { - "name" : "[linux-kernel] 20110228 Re: [PATCH] optimize epoll loop detection", - "refsource" : "MLIST", - "url" : "http://article.gmane.org/gmane.linux.kernel/1106686" - }, - { - "name" : "[oss-security] 20110301 CVE request: kernel: Multiple DoS issues in epoll", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/02/1" - }, - { - "name" : "[oss-security] 20110302 Re: CVE request: kernel: Multiple DoS issues in epoll", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/02/2" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=681578", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=681578" - }, - { - "name" : "RHSA-2012:0862", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-0862.html" - }, - { - "name" : "SUSE-SU-2012:0554", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00021.html" - }, - { - "name" : "SUSE-SU-2012:0616", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00013.html" - }, - { - "name" : "71265", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/71265" - }, - { - "name" : "43522", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43522" - }, - { - "name" : "48898", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48898" - }, - { - "name" : "48964", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48964" - }, - { - "name" : "48115", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48115" - }, - { - "name" : "48410", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48410" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The epoll implementation in the Linux kernel 2.6.37.2 and earlier does not properly traverse a tree of epoll file descriptors, which allows local users to cause a denial of service (CPU consumption) via a crafted application that makes epoll_create and epoll_ctl system calls." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[linux-kernel] 20110226 Re: [PATCH] optimize epoll loop detection", + "refsource": "MLIST", + "url": "http://article.gmane.org/gmane.linux.kernel/1105888" + }, + { + "name": "43522", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43522" + }, + { + "name": "SUSE-SU-2012:0554", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00021.html" + }, + { + "name": "[oss-security] 20110302 Re: CVE request: kernel: Multiple DoS issues in epoll", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/02/2" + }, + { + "name": "[linux-kernel] 20110228 Re: [PATCH] optimize epoll loop detection", + "refsource": "MLIST", + "url": "http://article.gmane.org/gmane.linux.kernel/1106686" + }, + { + "name": "48898", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48898" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=681578", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=681578" + }, + { + "name": "48410", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48410" + }, + { + "name": "[linux-kernel] 20110225 [PATCH] optimize epoll loop detection", + "refsource": "MLIST", + "url": "http://article.gmane.org/gmane.linux.kernel/1105744" + }, + { + "name": "48964", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48964" + }, + { + "name": "[oss-security] 20110301 CVE request: kernel: Multiple DoS issues in epoll", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/02/1" + }, + { + "name": "SUSE-SU-2012:0616", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00013.html" + }, + { + "name": "48115", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48115" + }, + { + "name": "RHSA-2012:0862", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-0862.html" + }, + { + "name": "71265", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/71265" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1354.json b/2011/1xxx/CVE-2011-1354.json index 3fb3f8afdc6..c7e10952853 100644 --- a/2011/1xxx/CVE-2011-1354.json +++ b/2011/1xxx/CVE-2011-1354.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1354", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1354", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3234.json b/2011/3xxx/CVE-2011-3234.json index 36dbaf4cc05..f0987bf0f22 100644 --- a/2011/3xxx/CVE-2011-3234.json +++ b/2011/3xxx/CVE-2011-3234.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3234", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome before 14.0.835.163 does not properly handle boxes, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2011-3234", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=89991", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=89991" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html" - }, - { - "name" : "http://support.apple.com/kb/HT4981", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4981" - }, - { - "name" : "http://support.apple.com/kb/HT4999", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4999" - }, - { - "name" : "http://support.apple.com/kb/HT5000", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5000" - }, - { - "name" : "APPLE-SA-2011-10-11-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html" - }, - { - "name" : "APPLE-SA-2011-10-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html" - }, - { - "name" : "APPLE-SA-2011-10-12-4", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html" - }, - { - "name" : "75550", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/75550" - }, - { - "name" : "oval:org.mitre.oval:def:14224", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14224" - }, - { - "name" : "chrome-box-code-execution(69876)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/69876" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome before 14.0.835.163 does not properly handle boxes, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://code.google.com/p/chromium/issues/detail?id=89991", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=89991" + }, + { + "name": "75550", + "refsource": "OSVDB", + "url": "http://osvdb.org/75550" + }, + { + "name": "http://support.apple.com/kb/HT4981", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4981" + }, + { + "name": "APPLE-SA-2011-10-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html" + }, + { + "name": "APPLE-SA-2011-10-11-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html" + }, + { + "name": "oval:org.mitre.oval:def:14224", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14224" + }, + { + "name": "APPLE-SA-2011-10-12-4", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html" + }, + { + "name": "http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html" + }, + { + "name": "http://support.apple.com/kb/HT4999", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4999" + }, + { + "name": "chrome-box-code-execution(69876)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69876" + }, + { + "name": "http://support.apple.com/kb/HT5000", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5000" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3827.json b/2011/3xxx/CVE-2011-3827.json index c749df2d483..3863b2d75b6 100644 --- a/2011/3xxx/CVE-2011-3827.json +++ b/2011/3xxx/CVE-2011-3827.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3827", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The iCalendar component in gwwww1.dll in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before Support Pack 3 allows remote attackers to cause a denial of service (out-of-bounds read and daemon crash) via a crafted date-time string in a .ics attachment." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2011-3827", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120917 Secunia Research: Novell GroupWise iCalendar Date/Time Parsing Denial of Service", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-09/0075.html" - }, - { - "name" : "http://secunia.com/secunia_research/2012-30/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2012-30/" - }, - { - "name" : "http://www.novell.com/support/kb/doc.php?id=7010767", - "refsource" : "CONFIRM", - "url" : "http://www.novell.com/support/kb/doc.php?id=7010767" - }, - { - "name" : "https://bugzilla.novell.com/show_bug.cgi?id=733887", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.novell.com/show_bug.cgi?id=733887" - }, - { - "name" : "1027540", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027540" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The iCalendar component in gwwww1.dll in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before Support Pack 3 allows remote attackers to cause a denial of service (out-of-bounds read and daemon crash) via a crafted date-time string in a .ics attachment." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.novell.com/support/kb/doc.php?id=7010767", + "refsource": "CONFIRM", + "url": "http://www.novell.com/support/kb/doc.php?id=7010767" + }, + { + "name": "http://secunia.com/secunia_research/2012-30/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2012-30/" + }, + { + "name": "20120917 Secunia Research: Novell GroupWise iCalendar Date/Time Parsing Denial of Service", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-09/0075.html" + }, + { + "name": "https://bugzilla.novell.com/show_bug.cgi?id=733887", + "refsource": "CONFIRM", + "url": "https://bugzilla.novell.com/show_bug.cgi?id=733887" + }, + { + "name": "1027540", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027540" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3887.json b/2011/3xxx/CVE-2011-3887.json index c404f34cd71..09f7a2cd2ce 100644 --- a/2011/3xxx/CVE-2011-3887.json +++ b/2011/3xxx/CVE-2011-3887.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3887", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome before 15.0.874.102 does not properly handle javascript: URLs, which allows remote attackers to bypass intended access restrictions and read cookies via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2011-3887", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=98407", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=98407" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html" - }, - { - "name" : "APPLE-SA-2012-03-07-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html" - }, - { - "name" : "APPLE-SA-2012-03-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html" - }, - { - "name" : "oval:org.mitre.oval:def:13179", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13179" - }, - { - "name" : "1026774", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026774" - }, - { - "name" : "48288", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48288" - }, - { - "name" : "48377", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48377" - }, - { - "name" : "google-chrome-uri-sec-bypass(70965)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/70965" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome before 15.0.874.102 does not properly handle javascript: URLs, which allows remote attackers to bypass intended access restrictions and read cookies via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "google-chrome-uri-sec-bypass(70965)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70965" + }, + { + "name": "1026774", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026774" + }, + { + "name": "48377", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48377" + }, + { + "name": "oval:org.mitre.oval:def:13179", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13179" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=98407", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=98407" + }, + { + "name": "APPLE-SA-2012-03-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html" + }, + { + "name": "http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html" + }, + { + "name": "48288", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48288" + }, + { + "name": "APPLE-SA-2012-03-07-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3905.json b/2011/3xxx/CVE-2011-3905.json index 8e51ab93a9d..0845ea63ec2 100644 --- a/2011/3xxx/CVE-2011-3905.json +++ b/2011/3xxx/CVE-2011-3905.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3905", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "libxml2, as used in Google Chrome before 16.0.912.63, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2011-3905", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=95465", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=95465" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2011/12/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2011/12/stable-channel-update.html" - }, - { - "name" : "DSA-2394", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2394" - }, - { - "name" : "MDVSA-2011:188", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:188" - }, - { - "name" : "RHSA-2013:0217", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0217.html" - }, - { - "name" : "oval:org.mitre.oval:def:14761", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14761" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "libxml2, as used in Google Chrome before 16.0.912.63, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:14761", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14761" + }, + { + "name": "RHSA-2013:0217", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0217.html" + }, + { + "name": "MDVSA-2011:188", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:188" + }, + { + "name": "http://googlechromereleases.blogspot.com/2011/12/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2011/12/stable-channel-update.html" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=95465", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=95465" + }, + { + "name": "DSA-2394", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2394" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4027.json b/2011/4xxx/CVE-2011-4027.json index a55adfeb466..406a600271a 100644 --- a/2011/4xxx/CVE-2011-4027.json +++ b/2011/4xxx/CVE-2011-4027.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4027", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4027", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4402.json b/2011/4xxx/CVE-2011-4402.json index 604b6b471b8..0181b22d89e 100644 --- a/2011/4xxx/CVE-2011-4402.json +++ b/2011/4xxx/CVE-2011-4402.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4402", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2011-4402", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4435.json b/2011/4xxx/CVE-2011-4435.json index c727766a439..cc43744734a 100644 --- a/2011/4xxx/CVE-2011-4435.json +++ b/2011/4xxx/CVE-2011-4435.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4435", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The web-server component in the Consolidation and Analysis Engine (CAE) Server in DB2 Query Monitor in IBM DB2 Tools 2.3.0 for z/OS does not prevent directory browsing, which allows remote attackers to obtain sensitive information via HTTP requests." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4435", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "PM41190", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg1PM41190" - }, - { - "name" : "1026278", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026278" - }, - { - "name" : "46487", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46487" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The web-server component in the Consolidation and Analysis Engine (CAE) Server in DB2 Query Monitor in IBM DB2 Tools 2.3.0 for z/OS does not prevent directory browsing, which allows remote attackers to obtain sensitive information via HTTP requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "PM41190", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=swg1PM41190" + }, + { + "name": "46487", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46487" + }, + { + "name": "1026278", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026278" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4559.json b/2011/4xxx/CVE-2011-4559.json index da28c3464d3..746ec5d7339 100644 --- a/2011/4xxx/CVE-2011-4559.json +++ b/2011/4xxx/CVE-2011-4559.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4559", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the Calendar module in vTiger CRM 5.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the onlyforuser parameter in an index action to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4559", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20111005 vTiger CRM 5.2.x <= Blind SQL Injection Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/520006/100/0/threaded" - }, - { - "name" : "20111005 vTiger CRM 5.2.x <= Blind SQL Injection Vulnerability", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2011/Oct/224" - }, - { - "name" : "http://yehg.net/lab/pr0js/advisories/%5BvTiger_5.2.1%5D_blind_sqlin", - "refsource" : "MISC", - "url" : "http://yehg.net/lab/pr0js/advisories/%5BvTiger_5.2.1%5D_blind_sqlin" - }, - { - "name" : "49948", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/49948" - }, - { - "name" : "76138", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/76138" - }, - { - "name" : "vtigercrm-index-sql-injection(70344)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/70344" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the Calendar module in vTiger CRM 5.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the onlyforuser parameter in an index action to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20111005 vTiger CRM 5.2.x <= Blind SQL Injection Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/520006/100/0/threaded" + }, + { + "name": "20111005 vTiger CRM 5.2.x <= Blind SQL Injection Vulnerability", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2011/Oct/224" + }, + { + "name": "49948", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/49948" + }, + { + "name": "http://yehg.net/lab/pr0js/advisories/%5BvTiger_5.2.1%5D_blind_sqlin", + "refsource": "MISC", + "url": "http://yehg.net/lab/pr0js/advisories/%5BvTiger_5.2.1%5D_blind_sqlin" + }, + { + "name": "76138", + "refsource": "OSVDB", + "url": "http://osvdb.org/76138" + }, + { + "name": "vtigercrm-index-sql-injection(70344)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70344" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4998.json b/2011/4xxx/CVE-2011-4998.json index 18550a587cf..d1d1f961720 100644 --- a/2011/4xxx/CVE-2011-4998.json +++ b/2011/4xxx/CVE-2011-4998.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4998", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2011-4998", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5070.json b/2013/5xxx/CVE-2013-5070.json index 9614a6c7502..20e3a04a2e7 100644 --- a/2013/5xxx/CVE-2013-5070.json +++ b/2013/5xxx/CVE-2013-5070.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5070", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-5070", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5398.json b/2013/5xxx/CVE-2013-5398.json index c4f3c1cb81b..b225b6ac771 100644 --- a/2013/5xxx/CVE-2013-5398.json +++ b/2013/5xxx/CVE-2013-5398.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5398", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Webservice Axis Gateway in IBM Rational Focal Point 6.4 before devfix1, 6.4.1.3 before devfix1, 6.5.1 before devfix1, 6.5.2 before devfix4, 6.5.2.3 before devfix9, 6.6 before devfix5, 6.6.0.1 before devfix2, and 6.6.1 allows remote attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2013-5397." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-5398", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21654471", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21654471" - }, - { - "name" : "ibm-rational-cve20135398-info-disc(87294)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/87294" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Webservice Axis Gateway in IBM Rational Focal Point 6.4 before devfix1, 6.4.1.3 before devfix1, 6.5.1 before devfix1, 6.5.2 before devfix4, 6.5.2.3 before devfix9, 6.6 before devfix5, 6.6.0.1 before devfix2, and 6.6.1 allows remote attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2013-5397." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21654471", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21654471" + }, + { + "name": "ibm-rational-cve20135398-info-disc(87294)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87294" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2037.json b/2014/2xxx/CVE-2014-2037.json index bf46845d781..7dd85f37da4 100644 --- a/2014/2xxx/CVE-2014-2037.json +++ b/2014/2xxx/CVE-2014-2037.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2037", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Openswan 2.6.40 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads. NOTE: this vulnerability exists because of an incomplete fix for CVE 2013-6466." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2037", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[Openswan Users] 20140221 Openswan 2.6.41 released", - "refsource" : "MLIST", - "url" : "https://lists.openswan.org/pipermail/users/2014-February/022898.html" - }, - { - "name" : "[oss-security] 20140217 Re: CVE request for unfixed CVE-2013-6466 in openswan-2.6.40", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/02/18/1" - }, - { - "name" : "[oss-security] 20140220 Re: CVE request for unfixed CVE-2013-6466 in openswan-2.6.40", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/02/20/2" - }, - { - "name" : "65629", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/65629" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Openswan 2.6.40 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads. NOTE: this vulnerability exists because of an incomplete fix for CVE 2013-6466." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20140217 Re: CVE request for unfixed CVE-2013-6466 in openswan-2.6.40", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/02/18/1" + }, + { + "name": "[Openswan Users] 20140221 Openswan 2.6.41 released", + "refsource": "MLIST", + "url": "https://lists.openswan.org/pipermail/users/2014-February/022898.html" + }, + { + "name": "[oss-security] 20140220 Re: CVE request for unfixed CVE-2013-6466 in openswan-2.6.40", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/02/20/2" + }, + { + "name": "65629", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/65629" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2115.json b/2014/2xxx/CVE-2014-2115.json index 6a006161416..148cd372b74 100644 --- a/2014/2xxx/CVE-2014-2115.json +++ b/2014/2xxx/CVE-2014-2115.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2115", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in CERUserServlet pages in Cisco Emergency Responder (ER) 8.6 and earlier allow remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCun24250." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-2115", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=33643", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=33643" - }, - { - "name" : "20140403 Cisco Emergency Responder Cross-Site Request Forgery Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2115" - }, - { - "name" : "66631", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/66631" - }, - { - "name" : "1030019", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030019" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in CERUserServlet pages in Cisco Emergency Responder (ER) 8.6 and earlier allow remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCun24250." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20140403 Cisco Emergency Responder Cross-Site Request Forgery Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2115" + }, + { + "name": "1030019", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030019" + }, + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=33643", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=33643" + }, + { + "name": "66631", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/66631" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2232.json b/2014/2xxx/CVE-2014-2232.json index 82e2e3bfce9..b2cd190df79 100644 --- a/2014/2xxx/CVE-2014-2232.json +++ b/2014/2xxx/CVE-2014-2232.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2232", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Absolute path traversal vulnerability in the MapAPI in Infoware MapSuite before 1.0.36 and 1.1.x before 1.1.49 allows remote attackers to read arbitrary files via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2232", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://iw.mapandroute.de/MapAPI-1.0/releaseHistory.jsp", - "refsource" : "MISC", - "url" : "http://iw.mapandroute.de/MapAPI-1.0/releaseHistory.jsp" - }, - { - "name" : "http://iw.mapandroute.de/MapAPI-1.1/releaseHistory.jsp", - "refsource" : "MISC", - "url" : "http://iw.mapandroute.de/MapAPI-1.1/releaseHistory.jsp" - }, - { - "name" : "http://www.christian-schneider.net/advisories/CVE-2014-2232.txt", - "refsource" : "MISC", - "url" : "http://www.christian-schneider.net/advisories/CVE-2014-2232.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Absolute path traversal vulnerability in the MapAPI in Infoware MapSuite before 1.0.36 and 1.1.x before 1.1.49 allows remote attackers to read arbitrary files via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.christian-schneider.net/advisories/CVE-2014-2232.txt", + "refsource": "MISC", + "url": "http://www.christian-schneider.net/advisories/CVE-2014-2232.txt" + }, + { + "name": "http://iw.mapandroute.de/MapAPI-1.1/releaseHistory.jsp", + "refsource": "MISC", + "url": "http://iw.mapandroute.de/MapAPI-1.1/releaseHistory.jsp" + }, + { + "name": "http://iw.mapandroute.de/MapAPI-1.0/releaseHistory.jsp", + "refsource": "MISC", + "url": "http://iw.mapandroute.de/MapAPI-1.0/releaseHistory.jsp" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2421.json b/2014/2xxx/CVE-2014-2421.json index 6d4d6bc9fd2..8ba8deb7705 100644 --- a/2014/2xxx/CVE-2014-2421.json +++ b/2014/2xxx/CVE-2014-2421.json @@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2421", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-2421", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21672080", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21672080" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21676746", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21676746" - }, - { - "name" : "DSA-2912", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2912" - }, - { - "name" : "GLSA-201406-32", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml" - }, - { - "name" : "GLSA-201502-12", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201502-12.xml" - }, - { - "name" : "HPSBUX03091", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=140852886808946&w=2" - }, - { - "name" : "HPSBUX03092", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=140852974709252&w=2" - }, - { - "name" : "SSRT101667", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=140852886808946&w=2" - }, - { - "name" : "SSRT101668", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=140852974709252&w=2" - }, - { - "name" : "RHSA-2014:0675", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0675.html" - }, - { - "name" : "RHSA-2014:0685", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0685.html" - }, - { - "name" : "RHSA-2014:0413", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2014:0413" - }, - { - "name" : "RHSA-2014:0414", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2014:0414" - }, - { - "name" : "USN-2191-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2191-1" - }, - { - "name" : "USN-2187-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2187-1" - }, - { - "name" : "66881", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/66881" - }, - { - "name" : "58415", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/58415" - }, - { - "name" : "59058", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59058" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-2187-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2187-1" + }, + { + "name": "RHSA-2014:0675", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0675.html" + }, + { + "name": "RHSA-2014:0414", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2014:0414" + }, + { + "name": "GLSA-201406-32", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" + }, + { + "name": "USN-2191-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2191-1" + }, + { + "name": "HPSBUX03091", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=140852886808946&w=2" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21672080", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672080" + }, + { + "name": "RHSA-2014:0413", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2014:0413" + }, + { + "name": "59058", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59058" + }, + { + "name": "SSRT101667", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=140852886808946&w=2" + }, + { + "name": "HPSBUX03092", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=140852974709252&w=2" + }, + { + "name": "RHSA-2014:0685", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0685.html" + }, + { + "name": "66881", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/66881" + }, + { + "name": "DSA-2912", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2912" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" + }, + { + "name": "58415", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/58415" + }, + { + "name": "SSRT101668", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=140852974709252&w=2" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676746", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676746" + }, + { + "name": "GLSA-201502-12", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201502-12.xml" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2425.json b/2014/2xxx/CVE-2014-2425.json index ecf731aedaa..2be02ae0ec4 100644 --- a/2014/2xxx/CVE-2014-2425.json +++ b/2014/2xxx/CVE-2014-2425.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2425", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle OpenSSO component in Oracle Fusion Middleware 8.0 Update 2 Patch 5 allows remote authenticated users to affect confidentiality via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-2425", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle OpenSSO component in Oracle Fusion Middleware 8.0 Update 2 Patch 5 allows remote authenticated users to affect confidentiality via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2481.json b/2014/2xxx/CVE-2014-2481.json index 995ff4ea93e..c304e34ef74 100644 --- a/2014/2xxx/CVE-2014-2481.json +++ b/2014/2xxx/CVE-2014-2481.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2481", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2014-2480." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-2481", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/534161/100/0/threaded" - }, - { - "name" : "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Dec/23" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2014-0012.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2014-0012.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2014-2480." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html" + }, + { + "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" + }, + { + "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Dec/23" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6111.json b/2014/6xxx/CVE-2014-6111.json index 7bf1cc53238..0aec4168935 100644 --- a/2014/6xxx/CVE-2014-6111.json +++ b/2014/6xxx/CVE-2014-6111.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6111", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 store encrypted user credentials and the keystore password in cleartext in configuration files, which allows local users to decrypt SIM credentials via unspecified vectors. IBM X-Force ID: 96180." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-6111", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21698020", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21698020" - }, - { - "name" : "ibm-sim-cve20146111-info-disc(96180)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96180" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 store encrypted user credentials and the keystore password in cleartext in configuration files, which allows local users to decrypt SIM credentials via unspecified vectors. IBM X-Force ID: 96180." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21698020", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698020" + }, + { + "name": "ibm-sim-cve20146111-info-disc(96180)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96180" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6181.json b/2014/6xxx/CVE-2014-6181.json index 0e10e124009..524a7920353 100644 --- a/2014/6xxx/CVE-2014-6181.json +++ b/2014/6xxx/CVE-2014-6181.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6181", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM WebSphere Service Registry and Repository (WSRR) 7.0.x before 7.0.0.5 does not perform access-control checks for contained objects, which allows remote authenticated users to obtain sensitive information via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-6181", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21693381", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21693381" - }, - { - "name" : "IV25285", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV25285" - }, - { - "name" : "ibm-wsrr-cve20146181-sec-bypass(98517)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98517" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM WebSphere Service Registry and Repository (WSRR) 7.0.x before 7.0.0.5 does not perform access-control checks for contained objects, which allows remote authenticated users to obtain sensitive information via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-wsrr-cve20146181-sec-bypass(98517)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98517" + }, + { + "name": "IV25285", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV25285" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21693381", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21693381" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6608.json b/2014/6xxx/CVE-2014-6608.json index fb1965f95b2..d765bc9f266 100644 --- a/2014/6xxx/CVE-2014-6608.json +++ b/2014/6xxx/CVE-2014-6608.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6608", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-6608", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6880.json b/2014/6xxx/CVE-2014-6880.json index 963b8276f4e..5e1b27ffbfb 100644 --- a/2014/6xxx/CVE-2014-6880.json +++ b/2014/6xxx/CVE-2014-6880.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6880", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The TradeHero (aka com.tradehero.th) application 2.2.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6880", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#648673", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/648673" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The TradeHero (aka com.tradehero.th) application 2.2.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#648673", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/648673" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7505.json b/2014/7xxx/CVE-2014-7505.json index cdefc4ba39e..f3059212cd5 100644 --- a/2014/7xxx/CVE-2014-7505.json +++ b/2014/7xxx/CVE-2014-7505.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7505", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The AppTalk (aka com.chatatami.apptalk) application 1.4.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7505", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#244401", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/244401" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The AppTalk (aka com.chatatami.apptalk) application 1.4.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#244401", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/244401" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7611.json b/2014/7xxx/CVE-2014-7611.json index 91cb76414fd..5e2637dee49 100644 --- a/2014/7xxx/CVE-2014-7611.json +++ b/2014/7xxx/CVE-2014-7611.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7611", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Lost Temple (aka com.crazy.game.good.mengchenglu.templeI) application 1.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7611", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#600713", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/600713" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Lost Temple (aka com.crazy.game.good.mengchenglu.templeI) application 1.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#600713", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/600713" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0181.json b/2017/0xxx/CVE-2017-0181.json index 236a904e0bb..4b03c766d49 100644 --- a/2017/0xxx/CVE-2017-0181.json +++ b/2017/0xxx/CVE-2017-0181.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-0181", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows Hyper-V", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 10 and Windows Server 2016" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability exists when Windows Hyper-V Network Switch running on a Windows 10 or Windows Server 2016 host server fails to properly validate input from an authenticated user on a guest operating system, aka \"Hyper-V Remote Code Execution Vulnerability.\" This CVE ID is unique from CVE-2017-0162, CVE-2017-0163, and CVE-2017-0180." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-0181", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows Hyper-V", + "version": { + "version_data": [ + { + "version_value": "Windows 10 and Windows Server 2016" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0181", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0181" - }, - { - "name" : "97445", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97445" - }, - { - "name" : "1038233", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038233" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists when Windows Hyper-V Network Switch running on a Windows 10 or Windows Server 2016 host server fails to properly validate input from an authenticated user on a guest operating system, aka \"Hyper-V Remote Code Execution Vulnerability.\" This CVE ID is unique from CVE-2017-0162, CVE-2017-0163, and CVE-2017-0180." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0181", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0181" + }, + { + "name": "97445", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97445" + }, + { + "name": "1038233", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038233" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0507.json b/2017/0xxx/CVE-2017-0507.json index dc8e0f4c254..810c205ba01 100644 --- a/2017/0xxx/CVE-2017-0507.json +++ b/2017/0xxx/CVE-2017-0507.json @@ -1,75 +1,75 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-0507", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Kernel-3.10" - }, - { - "version_value" : "Kernel-3.18" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in the kernel ION subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31992382." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2017-0507", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Kernel-3.10" + }, + { + "version_value": "Kernel-3.18" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-03-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-03-01" - }, - { - "name" : "96952", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96952" - }, - { - "name" : "1037968", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037968" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in the kernel ION subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31992382." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-03-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-03-01" + }, + { + "name": "1037968", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037968" + }, + { + "name": "96952", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96952" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0568.json b/2017/0xxx/CVE-2017-0568.json index 3f30d08be4a..c3e34cea6c3 100644 --- a/2017/0xxx/CVE-2017-0568.json +++ b/2017/0xxx/CVE-2017-0568.json @@ -1,75 +1,75 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-0568", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Kernel-3.10" - }, - { - "version_value" : "Kernel-3.18" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34197514. References: B-RB#112600." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2017-0568", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Kernel-3.10" + }, + { + "version_value": "Kernel-3.18" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-04-01" - }, - { - "name" : "97331", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97331" - }, - { - "name" : "1038201", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038201" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34197514. References: B-RB#112600." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-04-01" + }, + { + "name": "97331", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97331" + }, + { + "name": "1038201", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038201" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0971.json b/2017/0xxx/CVE-2017-0971.json index f51cb720944..d932df6847c 100644 --- a/2017/0xxx/CVE-2017-0971.json +++ b/2017/0xxx/CVE-2017-0971.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-0971", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-0971", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000072.json b/2017/1000xxx/CVE-2017-1000072.json index 84ed176fb7b..ef7d13c5217 100644 --- a/2017/1000xxx/CVE-2017-1000072.json +++ b/2017/1000xxx/CVE-2017-1000072.json @@ -1,64 +1,64 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-05-06T20:43:28.322671", - "ID" : "CVE-2017-1000072", - "REQUESTER" : "robin.williams@rsmus.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Gravity", - "version" : { - "version_data" : [ - { - "version_value" : "1" - } - ] - } - } - ] - }, - "vendor_name" : "Creolabs" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Creolabs Gravity version 1.0 is vulnerable to a Double Free in gravity_value resulting potentially leading to modification of unexpected memory locations" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Double Free" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-05-06T20:43:28.322671", + "ID": "CVE-2017-1000072", + "REQUESTER": "robin.williams@rsmus.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/marcobambini/gravity/issues/123", - "refsource" : "CONFIRM", - "url" : "https://github.com/marcobambini/gravity/issues/123" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Creolabs Gravity version 1.0 is vulnerable to a Double Free in gravity_value resulting potentially leading to modification of unexpected memory locations" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/marcobambini/gravity/issues/123", + "refsource": "CONFIRM", + "url": "https://github.com/marcobambini/gravity/issues/123" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000482.json b/2017/1000xxx/CVE-2017-1000482.json index 38b45c16b6b..b98921029f8 100644 --- a/2017/1000xxx/CVE-2017-1000482.json +++ b/2017/1000xxx/CVE-2017-1000482.json @@ -1,64 +1,64 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-12-29", - "ID" : "CVE-2017-1000482", - "REQUESTER" : "security@plone.org", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Plone", - "version" : { - "version_data" : [ - { - "version_value" : "2.5-5.1rc1" - } - ] - } - } - ] - }, - "vendor_name" : "Plone Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A member of the Plone 2.5-5.1rc1 site could set javascript in the home_page property of his profile, and have this executed when a visitor click the home page link on the author page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-79" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-12-29", + "ID": "CVE-2017-1000482", + "REQUESTER": "security@plone.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://plone.org/security/hotfix/20171128/xss-using-the-home_page-member-property", - "refsource" : "MISC", - "url" : "https://plone.org/security/hotfix/20171128/xss-using-the-home_page-member-property" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A member of the Plone 2.5-5.1rc1 site could set javascript in the home_page property of his profile, and have this executed when a visitor click the home page link on the author page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://plone.org/security/hotfix/20171128/xss-using-the-home_page-member-property", + "refsource": "MISC", + "url": "https://plone.org/security/hotfix/20171128/xss-using-the-home_page-member-property" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000493.json b/2017/1000xxx/CVE-2017-1000493.json index 6e92677c470..49d847d6e7c 100644 --- a/2017/1000xxx/CVE-2017-1000493.json +++ b/2017/1000xxx/CVE-2017-1000493.json @@ -1,69 +1,69 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-12-29", - "ID" : "CVE-2017-1000493", - "REQUESTER" : "security@rocket.chat", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Rocket.Chat Server", - "version" : { - "version_data" : [ - { - "version_value" : "0.59" - } - ] - } - } - ] - }, - "vendor_name" : "Rocket.Chat" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Rocket.Chat Server version 0.59 and prior is vulnerable to a NoSQL injection leading to administrator account takeover" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "NoSQL Injection" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-12-29", + "ID": "CVE-2017-1000493", + "REQUESTER": "security@rocket.chat", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blog.sbarbeau.fr/2018/03/nosql-injection-leading-to.html", - "refsource" : "MISC", - "url" : "http://blog.sbarbeau.fr/2018/03/nosql-injection-leading-to.html" - }, - { - "name" : "https://github.com/RocketChat/Rocket.Chat/pull/8408", - "refsource" : "CONFIRM", - "url" : "https://github.com/RocketChat/Rocket.Chat/pull/8408" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Rocket.Chat Server version 0.59 and prior is vulnerable to a NoSQL injection leading to administrator account takeover" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://blog.sbarbeau.fr/2018/03/nosql-injection-leading-to.html", + "refsource": "MISC", + "url": "http://blog.sbarbeau.fr/2018/03/nosql-injection-leading-to.html" + }, + { + "name": "https://github.com/RocketChat/Rocket.Chat/pull/8408", + "refsource": "CONFIRM", + "url": "https://github.com/RocketChat/Rocket.Chat/pull/8408" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1014.json b/2017/1xxx/CVE-2017-1014.json index ea7bfdb877c..1691b58effc 100644 --- a/2017/1xxx/CVE-2017-1014.json +++ b/2017/1xxx/CVE-2017-1014.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1014", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1014", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1093.json b/2017/1xxx/CVE-2017-1093.json index f21625d63e9..33a4deaa9ba 100644 --- a/2017/1xxx/CVE-2017-1093.json +++ b/2017/1xxx/CVE-2017-1093.json @@ -1,234 +1,234 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2017-1093", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "AIX", - "version" : { - "version_data" : [ - { - "version_value" : "3.4" - }, - { - "version_value" : "3.2.0" - }, - { - "version_value" : "4.1.1" - }, - { - "version_value" : "4.1.2" - }, - { - "version_value" : "4.1.3" - }, - { - "version_value" : "4.1.4" - }, - { - "version_value" : "4.1.5" - }, - { - "version_value" : "4.2.0" - }, - { - "version_value" : "4.2.1.12" - }, - { - "version_value" : "430" - }, - { - "version_value" : "5" - }, - { - "version_value" : "5.1L" - }, - { - "version_value" : "5.2.2" - }, - { - "version_value" : "5.2 L" - }, - { - "version_value" : "5.3 L" - }, - { - "version_value" : "5.3.7" - }, - { - "version_value" : "4.3" - }, - { - "version_value" : "4.3.2" - }, - { - "version_value" : "4" - }, - { - "version_value" : "5.2" - }, - { - "version_value" : "4.3.1" - }, - { - "version_value" : "4.3.3.10" - }, - { - "version_value" : "3.1" - }, - { - "version_value" : "4.2.1" - }, - { - "version_value" : "4.2" - }, - { - "version_value" : "2.2.1" - }, - { - "version_value" : "5.1" - }, - { - "version_value" : "4.3.3" - }, - { - "version_value" : "4.1" - }, - { - "version_value" : "3.2.5" - }, - { - "version_value" : "3.2" - }, - { - "version_value" : "3.2.4" - }, - { - "version_value" : "6.1" - }, - { - "version_value" : "5.3" - }, - { - "version_value" : "5.2.0.50" - }, - { - "version_value" : "5.2.0.54" - }, - { - "version_value" : "5.3.0.10" - }, - { - "version_value" : "5.3.0.20" - }, - { - "version_value" : "5.2.0" - }, - { - "version_value" : "5.3.0" - }, - { - "version_value" : "5.3.8" - }, - { - "version_value" : "6.1.1" - }, - { - "version_value" : "6.1.2" - }, - { - "version_value" : "5.3.9" - }, - { - "version_value" : "6.1.0" - }, - { - "version_value" : "7.1" - }, - { - "version_value" : "1.2.1" - }, - { - "version_value" : "1.3" - }, - { - "version_value" : "4.0" - }, - { - "version_value" : "4.3.0" - }, - { - "version_value" : "5.1.0.10" - }, - { - "version_value" : "5.3" - }, - { - "version_value" : "5.3_ml03" - }, - { - "version_value" : "5L" - }, - { - "version_value" : "7.2" - } - ] - } - } - ] - }, - "vendor_name" : "IBM Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM AIX 6.1, 7.1, and 7.2 could allow a local user to exploit a vulnerability in the bellmail binary to gain root privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Privileges" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2017-1093", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "AIX", + "version": { + "version_data": [ + { + "version_value": "3.4" + }, + { + "version_value": "3.2.0" + }, + { + "version_value": "4.1.1" + }, + { + "version_value": "4.1.2" + }, + { + "version_value": "4.1.3" + }, + { + "version_value": "4.1.4" + }, + { + "version_value": "4.1.5" + }, + { + "version_value": "4.2.0" + }, + { + "version_value": "4.2.1.12" + }, + { + "version_value": "430" + }, + { + "version_value": "5" + }, + { + "version_value": "5.1L" + }, + { + "version_value": "5.2.2" + }, + { + "version_value": "5.2 L" + }, + { + "version_value": "5.3 L" + }, + { + "version_value": "5.3.7" + }, + { + "version_value": "4.3" + }, + { + "version_value": "4.3.2" + }, + { + "version_value": "4" + }, + { + "version_value": "5.2" + }, + { + "version_value": "4.3.1" + }, + { + "version_value": "4.3.3.10" + }, + { + "version_value": "3.1" + }, + { + "version_value": "4.2.1" + }, + { + "version_value": "4.2" + }, + { + "version_value": "2.2.1" + }, + { + "version_value": "5.1" + }, + { + "version_value": "4.3.3" + }, + { + "version_value": "4.1" + }, + { + "version_value": "3.2.5" + }, + { + "version_value": "3.2" + }, + { + "version_value": "3.2.4" + }, + { + "version_value": "6.1" + }, + { + "version_value": "5.3" + }, + { + "version_value": "5.2.0.50" + }, + { + "version_value": "5.2.0.54" + }, + { + "version_value": "5.3.0.10" + }, + { + "version_value": "5.3.0.20" + }, + { + "version_value": "5.2.0" + }, + { + "version_value": "5.3.0" + }, + { + "version_value": "5.3.8" + }, + { + "version_value": "6.1.1" + }, + { + "version_value": "6.1.2" + }, + { + "version_value": "5.3.9" + }, + { + "version_value": "6.1.0" + }, + { + "version_value": "7.1" + }, + { + "version_value": "1.2.1" + }, + { + "version_value": "1.3" + }, + { + "version_value": "4.0" + }, + { + "version_value": "4.3.0" + }, + { + "version_value": "5.1.0.10" + }, + { + "version_value": "5.3" + }, + { + "version_value": "5.3_ml03" + }, + { + "version_value": "5L" + }, + { + "version_value": "7.2" + } + ] + } + } + ] + }, + "vendor_name": "IBM Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://aix.software.ibm.com/aix/efixes/security/bellmail_advisory2.asc", - "refsource" : "CONFIRM", - "url" : "http://aix.software.ibm.com/aix/efixes/security/bellmail_advisory2.asc" - }, - { - "name" : "95891", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95891" - }, - { - "name" : "1037748", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037748" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM AIX 6.1, 7.1, and 7.2 could allow a local user to exploit a vulnerability in the bellmail binary to gain root privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Gain Privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1037748", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037748" + }, + { + "name": "http://aix.software.ibm.com/aix/efixes/security/bellmail_advisory2.asc", + "refsource": "CONFIRM", + "url": "http://aix.software.ibm.com/aix/efixes/security/bellmail_advisory2.asc" + }, + { + "name": "95891", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95891" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1371.json b/2017/1xxx/CVE-2017-1371.json index ef04845a013..e54793efc59 100644 --- a/2017/1xxx/CVE-2017-1371.json +++ b/2017/1xxx/CVE-2017-1371.json @@ -1,86 +1,86 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2017-07-17T00:00:00", - "ID" : "CVE-2017-1371", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "TRIRIGA Application Platform", - "version" : { - "version_data" : [ - { - "version_value" : "3.3.2" - }, - { - "version_value" : "3.4" - }, - { - "version_value" : "3.4.1" - }, - { - "version_value" : "3.4.2" - }, - { - "version_value" : "3.5" - }, - { - "version_value" : "3.5.1" - }, - { - "version_value" : "3.5.2" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Builder tools running in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 contains a vulnerability that could allow an authenticated user to execute Builder tool actions they do not have access to. IBM X-Force ID: 126864." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Privileges" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2017-07-17T00:00:00", + "ID": "CVE-2017-1371", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "TRIRIGA Application Platform", + "version": { + "version_data": [ + { + "version_value": "3.3.2" + }, + { + "version_value": "3.4" + }, + { + "version_value": "3.4.1" + }, + { + "version_value": "3.4.2" + }, + { + "version_value": "3.5" + }, + { + "version_value": "3.5.1" + }, + { + "version_value": "3.5.2" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/126864", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/126864" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22004674", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22004674" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Builder tools running in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 contains a vulnerability that could allow an authenticated user to execute Builder tool actions they do not have access to. IBM X-Force ID: 126864." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Gain Privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126864", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126864" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22004674", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22004674" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1401.json b/2017/1xxx/CVE-2017-1401.json index 2d1a0c840d1..2410c1e0af2 100644 --- a/2017/1xxx/CVE-2017-1401.json +++ b/2017/1xxx/CVE-2017-1401.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1401", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1401", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1502.json b/2017/1xxx/CVE-2017-1502.json index bd69d7a56b9..2d304511e0f 100644 --- a/2017/1xxx/CVE-2017-1502.json +++ b/2017/1xxx/CVE-2017-1502.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2017-1502", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Content Navigator & CMIS 2.0.3, 3.0.0, and 3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 129577." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2017-1502", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/129577", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/129577" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22006941", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22006941" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Content Navigator & CMIS 2.0.3, 3.0.0, and 3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 129577." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22006941", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22006941" + }, + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129577", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129577" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1731.json b/2017/1xxx/CVE-2017-1731.json index b96370d5ada..6a9db43ba86 100644 --- a/2017/1xxx/CVE-2017-1731.json +++ b/2017/1xxx/CVE-2017-1731.json @@ -1,162 +1,162 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-01-29T00:00:00", - "ID" : "CVE-2017-1731", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "WebSphere Application Server", - "version" : { - "version_data" : [ - { - "version_value" : "9.0" - }, - { - "version_value" : "7.0.0.35" - }, - { - "version_value" : "7.0.0.37" - }, - { - "version_value" : "7.0.0.39" - }, - { - "version_value" : "7.0.0.41" - }, - { - "version_value" : "7.0.0.43" - }, - { - "version_value" : "8.0.0.4" - }, - { - "version_value" : "8.0.0.5" - }, - { - "version_value" : "8.0.0.6" - }, - { - "version_value" : "8.0.0.7" - }, - { - "version_value" : "8.0.0.8" - }, - { - "version_value" : "8.0.0.9" - }, - { - "version_value" : "8.0.0.10" - }, - { - "version_value" : "8.0.0.11" - }, - { - "version_value" : "8.0.0.12" - }, - { - "version_value" : "8.0.0.13" - }, - { - "version_value" : "8.0.0.14" - }, - { - "version_value" : "8.5.5.7" - }, - { - "version_value" : "8.5.5.8" - }, - { - "version_value" : "8.5.5.9" - }, - { - "version_value" : "8.5.5.10" - }, - { - "version_value" : "8.5.5.11" - }, - { - "version_value" : "8.5.5.12" - }, - { - "version_value" : "9.0.0.1" - }, - { - "version_value" : "9.0.0.2" - }, - { - "version_value" : "9.0.0.3" - }, - { - "version_value" : "9.0.0.4" - }, - { - "version_value" : "9.0.0.5" - }, - { - "version_value" : "9.0.0.6" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could provide weaker than expected security when using the Administrative Console. An authenticated remote attacker could exploit this vulnerability to possibly gain elevated privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Privileges" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-01-29T00:00:00", + "ID": "CVE-2017-1731", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebSphere Application Server", + "version": { + "version_data": [ + { + "version_value": "9.0" + }, + { + "version_value": "7.0.0.35" + }, + { + "version_value": "7.0.0.37" + }, + { + "version_value": "7.0.0.39" + }, + { + "version_value": "7.0.0.41" + }, + { + "version_value": "7.0.0.43" + }, + { + "version_value": "8.0.0.4" + }, + { + "version_value": "8.0.0.5" + }, + { + "version_value": "8.0.0.6" + }, + { + "version_value": "8.0.0.7" + }, + { + "version_value": "8.0.0.8" + }, + { + "version_value": "8.0.0.9" + }, + { + "version_value": "8.0.0.10" + }, + { + "version_value": "8.0.0.11" + }, + { + "version_value": "8.0.0.12" + }, + { + "version_value": "8.0.0.13" + }, + { + "version_value": "8.0.0.14" + }, + { + "version_value": "8.5.5.7" + }, + { + "version_value": "8.5.5.8" + }, + { + "version_value": "8.5.5.9" + }, + { + "version_value": "8.5.5.10" + }, + { + "version_value": "8.5.5.11" + }, + { + "version_value": "8.5.5.12" + }, + { + "version_value": "9.0.0.1" + }, + { + "version_value": "9.0.0.2" + }, + { + "version_value": "9.0.0.3" + }, + { + "version_value": "9.0.0.4" + }, + { + "version_value": "9.0.0.5" + }, + { + "version_value": "9.0.0.6" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/134912", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/134912" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg22012345&myns=swgws&mynp=OCSSEQTP&mync=R&cm_sp=swgws-_-OCSSEQTP-_-R", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg22012345&myns=swgws&mynp=OCSSEQTP&mync=R&cm_sp=swgws-_-OCSSEQTP-_-R" - }, - { - "name" : "102911", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102911" - }, - { - "name" : "1040356", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040356" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could provide weaker than expected security when using the Administrative Console. An authenticated remote attacker could exploit this vulnerability to possibly gain elevated privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Gain Privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134912", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134912" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg22012345&myns=swgws&mynp=OCSSEQTP&mync=R&cm_sp=swgws-_-OCSSEQTP-_-R", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg22012345&myns=swgws&mynp=OCSSEQTP&mync=R&cm_sp=swgws-_-OCSSEQTP-_-R" + }, + { + "name": "1040356", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040356" + }, + { + "name": "102911", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102911" + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4168.json b/2017/4xxx/CVE-2017-4168.json index 88fc36eb9ac..e795af4f3cb 100644 --- a/2017/4xxx/CVE-2017-4168.json +++ b/2017/4xxx/CVE-2017-4168.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4168", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4168", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5032.json b/2017/5xxx/CVE-2017-5032.json index e225e7ef6c6..91cc9faf5e3 100644 --- a/2017/5xxx/CVE-2017-5032.json +++ b/2017/5xxx/CVE-2017-5032.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-5032", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Google Chrome prior to 57.0.2987.98 for Windows", - "version" : { - "version_data" : [ - { - "version_value" : "Google Chrome prior to 57.0.2987.98 for Windows" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PDFium in Google Chrome prior to 57.0.2987.98 for Windows could be made to increment off the end of a buffer, which allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "heap buffer overflow" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2017-5032", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Google Chrome prior to 57.0.2987.98 for Windows", + "version": { + "version_data": [ + { + "version_value": "Google Chrome prior to 57.0.2987.98 for Windows" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html", - "refsource" : "CONFIRM", - "url" : "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html" - }, - { - "name" : "https://crbug.com/668724", - "refsource" : "CONFIRM", - "url" : "https://crbug.com/668724" - }, - { - "name" : "DSA-3810", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3810" - }, - { - "name" : "GLSA-201704-02", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201704-02" - }, - { - "name" : "RHSA-2017:0499", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0499.html" - }, - { - "name" : "96767", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96767" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PDFium in Google Chrome prior to 57.0.2987.98 for Windows could be made to increment off the end of a buffer, which allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "heap buffer overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html", + "refsource": "CONFIRM", + "url": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html" + }, + { + "name": "GLSA-201704-02", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201704-02" + }, + { + "name": "DSA-3810", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3810" + }, + { + "name": "96767", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96767" + }, + { + "name": "RHSA-2017:0499", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0499.html" + }, + { + "name": "https://crbug.com/668724", + "refsource": "CONFIRM", + "url": "https://crbug.com/668724" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5274.json b/2017/5xxx/CVE-2017-5274.json index 4c3839e2e1c..731dd17b9e9 100644 --- a/2017/5xxx/CVE-2017-5274.json +++ b/2017/5xxx/CVE-2017-5274.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5274", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5274", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5479.json b/2017/5xxx/CVE-2017-5479.json index c82a6f299ed..c157c62f5b9 100644 --- a/2017/5xxx/CVE-2017-5479.json +++ b/2017/5xxx/CVE-2017-5479.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5479", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5479", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5652.json b/2017/5xxx/CVE-2017-5652.json index b9823e8f8b1..445b057a1c7 100644 --- a/2017/5xxx/CVE-2017-5652.json +++ b/2017/5xxx/CVE-2017-5652.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "DATE_PUBLIC" : "2017-07-10T00:00:00", - "ID" : "CVE-2017-5652", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache Impala", - "version" : { - "version_data" : [ - { - "version_value" : "2.7.0 to 2.8.0 incubating" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "During a routine security analysis, it was found that one of the ports in Apache Impala (incubating) 2.7.0 to 2.8.0 sent data in plaintext even when the cluster was configured to use TLS. The port in question was used by the StatestoreSubscriber class which did not use the appropriate secure Thrift transport when TLS was turned on. It was therefore possible for an adversary, with access to the network, to eavesdrop on the packets going to and coming from that port and view the data in plaintext." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "DATE_PUBLIC": "2017-07-10T00:00:00", + "ID": "CVE-2017-5652", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache Impala", + "version": { + "version_data": [ + { + "version_value": "2.7.0 to 2.8.0 incubating" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20170710 [SECURITY] CVE-2017-5652 Apache Impala (incubating) Information Disclosure", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/540831/100/0/threaded" - }, - { - "name" : "[dev] 20170710 [SECURITY] CVE-2017-5652 Apache Impala (incubating) Information Disclosure", - "refsource" : "MLIST", - "url" : "https://lists.apache.org/thread.html/5bab4424f23aebefc8108a0e30273c2a543a289df8113c461f930143@%3Cdev.impala.apache.org%3E" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "During a routine security analysis, it was found that one of the ports in Apache Impala (incubating) 2.7.0 to 2.8.0 sent data in plaintext even when the cluster was configured to use TLS. The port in question was used by the StatestoreSubscriber class which did not use the appropriate secure Thrift transport when TLS was turned on. It was therefore possible for an adversary, with access to the network, to eavesdrop on the packets going to and coming from that port and view the data in plaintext." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[dev] 20170710 [SECURITY] CVE-2017-5652 Apache Impala (incubating) Information Disclosure", + "refsource": "MLIST", + "url": "https://lists.apache.org/thread.html/5bab4424f23aebefc8108a0e30273c2a543a289df8113c461f930143@%3Cdev.impala.apache.org%3E" + }, + { + "name": "20170710 [SECURITY] CVE-2017-5652 Apache Impala (incubating) Information Disclosure", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/540831/100/0/threaded" + } + ] + } +} \ No newline at end of file