From 8f194a81ba083d50885adf9194aaa8938216a2c3 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 17 Mar 2019 23:22:05 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2001/1xxx/CVE-2001-1281.json | 140 ++++++------- 2001/1xxx/CVE-2001-1354.json | 140 ++++++------- 2001/1xxx/CVE-2001-1446.json | 150 +++++++------- 2006/2xxx/CVE-2006-2362.json | 270 ++++++++++++------------- 2006/2xxx/CVE-2006-2438.json | 200 +++++++++---------- 2006/2xxx/CVE-2006-2640.json | 160 +++++++-------- 2006/2xxx/CVE-2006-2977.json | 170 ++++++++-------- 2006/3xxx/CVE-2006-3038.json | 160 +++++++-------- 2006/6xxx/CVE-2006-6187.json | 180 ++++++++--------- 2006/6xxx/CVE-2006-6260.json | 160 +++++++-------- 2006/6xxx/CVE-2006-6472.json | 130 ++++++------ 2006/6xxx/CVE-2006-6545.json | 150 +++++++------- 2006/6xxx/CVE-2006-6911.json | 150 +++++++------- 2011/0xxx/CVE-2011-0372.json | 130 ++++++------ 2011/0xxx/CVE-2011-0529.json | 34 ++-- 2011/0xxx/CVE-2011-0612.json | 120 +++++------ 2011/0xxx/CVE-2011-0778.json | 190 +++++++++--------- 2011/1xxx/CVE-2011-1943.json | 170 ++++++++-------- 2011/2xxx/CVE-2011-2254.json | 34 ++-- 2011/2xxx/CVE-2011-2634.json | 140 ++++++------- 2011/3xxx/CVE-2011-3037.json | 310 ++++++++++++++--------------- 2011/3xxx/CVE-2011-3180.json | 140 ++++++------- 2011/3xxx/CVE-2011-3301.json | 150 +++++++------- 2011/3xxx/CVE-2011-3686.json | 120 +++++------ 2011/4xxx/CVE-2011-4041.json | 180 ++++++++--------- 2011/4xxx/CVE-2011-4501.json | 140 ++++++------- 2011/4xxx/CVE-2011-4701.json | 120 +++++------ 2011/4xxx/CVE-2011-4727.json | 130 ++++++------ 2013/1xxx/CVE-2013-1070.json | 140 ++++++------- 2013/1xxx/CVE-2013-1734.json | 130 ++++++------ 2013/5xxx/CVE-2013-5038.json | 130 ++++++------ 2013/5xxx/CVE-2013-5122.json | 34 ++-- 2013/5xxx/CVE-2013-5812.json | 270 ++++++++++++------------- 2014/2xxx/CVE-2014-2074.json | 34 ++-- 2014/2xxx/CVE-2014-2741.json | 170 ++++++++-------- 2014/2xxx/CVE-2014-2755.json | 140 ++++++------- 2014/2xxx/CVE-2014-2836.json | 34 ++-- 2014/6xxx/CVE-2014-6455.json | 130 ++++++------ 2014/6xxx/CVE-2014-6631.json | 130 ++++++------ 2014/6xxx/CVE-2014-6901.json | 140 ++++++------- 2014/7xxx/CVE-2014-7380.json | 140 ++++++------- 2017/0xxx/CVE-2017-0431.json | 142 ++++++------- 2017/0xxx/CVE-2017-0771.json | 144 +++++++------- 2017/1000xxx/CVE-2017-1000111.json | 194 +++++++++--------- 2017/1000xxx/CVE-2017-1000437.json | 124 ++++++------ 2017/18xxx/CVE-2017-18183.json | 140 ++++++------- 2017/1xxx/CVE-2017-1652.json | 288 +++++++++++++-------------- 2017/1xxx/CVE-2017-1655.json | 220 ++++++++++---------- 2017/1xxx/CVE-2017-1947.json | 34 ++-- 2017/4xxx/CVE-2017-4546.json | 34 ++-- 2017/4xxx/CVE-2017-4737.json | 34 ++-- 2017/4xxx/CVE-2017-4786.json | 34 ++-- 2017/4xxx/CVE-2017-4848.json | 34 ++-- 2017/5xxx/CVE-2017-5690.json | 34 ++-- 54 files changed, 3673 insertions(+), 3673 deletions(-) diff --git a/2001/1xxx/CVE-2001-1281.json b/2001/1xxx/CVE-2001-1281.json index 42bf01d69ed..8fb43daa74a 100644 --- a/2001/1xxx/CVE-2001-1281.json +++ b/2001/1xxx/CVE-2001-1281.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1281", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Web Messaging Server for Ipswitch IMail 7.04 and earlier allows remote authenticated users to change information for other users by modifying the olduser parameter in the \"Change User Information\" web form." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1281", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20011011 Vulnerabilities in Ipswitch IMail Server 7.04", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-10/0076.html" - }, - { - "name" : "http://www.ipswitch.com/Support/IMail/news.html", - "refsource" : "MISC", - "url" : "http://www.ipswitch.com/Support/IMail/news.html" - }, - { - "name" : "3429", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3429" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Web Messaging Server for Ipswitch IMail 7.04 and earlier allows remote authenticated users to change information for other users by modifying the olduser parameter in the \"Change User Information\" web form." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3429", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3429" + }, + { + "name": "20011011 Vulnerabilities in Ipswitch IMail Server 7.04", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-10/0076.html" + }, + { + "name": "http://www.ipswitch.com/Support/IMail/news.html", + "refsource": "MISC", + "url": "http://www.ipswitch.com/Support/IMail/news.html" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1354.json b/2001/1xxx/CVE-2001-1354.json index aa2873cfa76..3facb680b37 100644 --- a/2001/1xxx/CVE-2001-1354.json +++ b/2001/1xxx/CVE-2001-1354.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1354", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NetWin Authentication module (NWAuth) 2.0 and 3.0b, as implemented in SurgeFTP, DMail, and possibly other packages, uses weak password hashing, which could allow local users to decrypt passwords or use a different password that has the same hash value as the correct password." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1354", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010720 NetWin Authentication Module 3.0b password storage vulnerabilities / buffer overflows", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/198293" - }, - { - "name" : "netwin-nwauth-weak-encryption(6866)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6866" - }, - { - "name" : "3075", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3075" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NetWin Authentication module (NWAuth) 2.0 and 3.0b, as implemented in SurgeFTP, DMail, and possibly other packages, uses weak password hashing, which could allow local users to decrypt passwords or use a different password that has the same hash value as the correct password." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "netwin-nwauth-weak-encryption(6866)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6866" + }, + { + "name": "3075", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3075" + }, + { + "name": "20010720 NetWin Authentication Module 3.0b password storage vulnerabilities / buffer overflows", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/198293" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1446.json b/2001/1xxx/CVE-2001-1446.json index 579e5ed1b77..5ec8c947bdc 100644 --- a/2001/1xxx/CVE-2001-1446.json +++ b/2001/1xxx/CVE-2001-1446.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1446", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Find-By-Content in Mac OS X 10.0 through 10.0.4 creates world-readable index files named .FBCIndex in every directory, which allows remote attackers to learn the contents of files in web accessible directories." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1446", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010910 Re: More security problems in Apache on Mac OS X", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-09/0085.html" - }, - { - "name" : "VU#177243", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/177243" - }, - { - "name" : "3325", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3325" - }, - { - "name" : "macos-apache-directory-disclosure(7103)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7103" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Find-By-Content in Mac OS X 10.0 through 10.0.4 creates world-readable index files named .FBCIndex in every directory, which allows remote attackers to learn the contents of files in web accessible directories." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#177243", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/177243" + }, + { + "name": "20010910 Re: More security problems in Apache on Mac OS X", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-09/0085.html" + }, + { + "name": "macos-apache-directory-disclosure(7103)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7103" + }, + { + "name": "3325", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3325" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2362.json b/2006/2xxx/CVE-2006-2362.json index 0273e21e04d..812e5c9f965 100644 --- a/2006/2xxx/CVE-2006-2362.json +++ b/2006/2xxx/CVE-2006-2362.json @@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2362", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in getsym in tekhex.c in libbfd in Free Software Foundation GNU Binutils before 20060423, as used by GNU strings, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a file with a crafted Tektronix Hex Format (TekHex) record in which the length character is not a valid hexadecimal character." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2362", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[bug-binutils] 20060418 [Bug binutils/2584] New: SIGSEGV in strings tool when the file is crafted.", - "refsource" : "MLIST", - "url" : "http://www.mail-archive.com/bug-binutils@gnu.org/msg01516.html" - }, - { - "name" : "http://sourceware.org/bugzilla/show_bug.cgi?id=2584", - "refsource" : "CONFIRM", - "url" : "http://sourceware.org/bugzilla/show_bug.cgi?id=2584" - }, - { - "name" : "APPLE-SA-2007-10-30", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2007/Oct/msg00001.html" - }, - { - "name" : "SUSE-SR:2006:026", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_26_sr.html" - }, - { - "name" : "2006-0034", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.org/errata/2006/0034/" - }, - { - "name" : "USN-292-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-292-1" - }, - { - "name" : "17950", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17950" - }, - { - "name" : "ADV-2006-1924", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1924" - }, - { - "name" : "ADV-2007-3665", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/3665" - }, - { - "name" : "1018872", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1018872" - }, - { - "name" : "20188", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20188" - }, - { - "name" : "20531", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20531" - }, - { - "name" : "22932", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22932" - }, - { - "name" : "20550", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20550" - }, - { - "name" : "27441", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27441" - }, - { - "name" : "binutils-libbfd-bo(26644)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26644" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in getsym in tekhex.c in libbfd in Free Software Foundation GNU Binutils before 20060423, as used by GNU strings, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a file with a crafted Tektronix Hex Format (TekHex) record in which the length character is not a valid hexadecimal character." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20188", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20188" + }, + { + "name": "20550", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20550" + }, + { + "name": "22932", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22932" + }, + { + "name": "27441", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27441" + }, + { + "name": "2006-0034", + "refsource": "TRUSTIX", + "url": "http://www.trustix.org/errata/2006/0034/" + }, + { + "name": "17950", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17950" + }, + { + "name": "[bug-binutils] 20060418 [Bug binutils/2584] New: SIGSEGV in strings tool when the file is crafted.", + "refsource": "MLIST", + "url": "http://www.mail-archive.com/bug-binutils@gnu.org/msg01516.html" + }, + { + "name": "ADV-2007-3665", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/3665" + }, + { + "name": "SUSE-SR:2006:026", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_26_sr.html" + }, + { + "name": "ADV-2006-1924", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1924" + }, + { + "name": "1018872", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1018872" + }, + { + "name": "20531", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20531" + }, + { + "name": "USN-292-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-292-1" + }, + { + "name": "APPLE-SA-2007-10-30", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2007/Oct/msg00001.html" + }, + { + "name": "binutils-libbfd-bo(26644)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26644" + }, + { + "name": "http://sourceware.org/bugzilla/show_bug.cgi?id=2584", + "refsource": "CONFIRM", + "url": "http://sourceware.org/bugzilla/show_bug.cgi?id=2584" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2438.json b/2006/2xxx/CVE-2006-2438.json index 4a9d45ed386..39894b9d132 100644 --- a/2006/2xxx/CVE-2006-2438.json +++ b/2006/2xxx/CVE-2006-2438.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2438", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the viewfile servlet in the documentation package (resin-doc) for Caucho Resin 3.0.17 and 3.0.18 allows remote attackers to read arbitrary files under other web roots via the contextpath parameter. NOTE: this issue can produce resultant path disclosure when the parameter is invalid." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2438", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060516 ScanAlert Security Advisory", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/434145" - }, - { - "name" : "20060516 ScanAlert Security Advisory", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0384.html" - }, - { - "name" : "18007", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18007" - }, - { - "name" : "ADV-2006-1831", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1831" - }, - { - "name" : "25571", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25571" - }, - { - "name" : "1016110", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016110" - }, - { - "name" : "20125", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20125" - }, - { - "name" : "908", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/908" - }, - { - "name" : "resin-viewfile-file-disclosure(26494)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26494" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the viewfile servlet in the documentation package (resin-doc) for Caucho Resin 3.0.17 and 3.0.18 allows remote attackers to read arbitrary files under other web roots via the contextpath parameter. NOTE: this issue can produce resultant path disclosure when the parameter is invalid." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "908", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/908" + }, + { + "name": "20060516 ScanAlert Security Advisory", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/434145" + }, + { + "name": "20060516 ScanAlert Security Advisory", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0384.html" + }, + { + "name": "ADV-2006-1831", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1831" + }, + { + "name": "resin-viewfile-file-disclosure(26494)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26494" + }, + { + "name": "18007", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18007" + }, + { + "name": "1016110", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016110" + }, + { + "name": "20125", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20125" + }, + { + "name": "25571", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25571" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2640.json b/2006/2xxx/CVE-2006-2640.json index 5aeaf22c656..613011111df 100644 --- a/2006/2xxx/CVE-2006-2640.json +++ b/2006/2xxx/CVE-2006-2640.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2640", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in OmegaMw7a.ASP in OMEGA (aka Omegasoft) INterneSErvicesLosungen (INSEL) allows remote attackers to inject arbitrary web script or HTML via the WCE parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2640", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060526 XSS in Omegasoft's Insel", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/435109/100/0/threaded" - }, - { - "name" : "ADV-2006-2072", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2072" - }, - { - "name" : "20319", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20319" - }, - { - "name" : "970", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/970" - }, - { - "name" : "insel-omegamw7a-xss(26789)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26789" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in OmegaMw7a.ASP in OMEGA (aka Omegasoft) INterneSErvicesLosungen (INSEL) allows remote attackers to inject arbitrary web script or HTML via the WCE parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "insel-omegamw7a-xss(26789)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26789" + }, + { + "name": "20319", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20319" + }, + { + "name": "ADV-2006-2072", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2072" + }, + { + "name": "970", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/970" + }, + { + "name": "20060526 XSS in Omegasoft's Insel", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/435109/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2977.json b/2006/2xxx/CVE-2006-2977.json index 1d8851460b4..777b01675b0 100644 --- a/2006/2xxx/CVE-2006-2977.json +++ b/2006/2xxx/CVE-2006-2977.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2977", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in big.php in Mafia Moblog 0.6M1 and earlier allows remote attackers to execute arbitrary SQL commands via the img parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2977", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060608 Mafia Moblog Full Path Disclosure / SQL injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/436410/100/0/threaded" - }, - { - "name" : "18352", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18352" - }, - { - "name" : "ADV-2006-2249", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2249" - }, - { - "name" : "20529", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20529" - }, - { - "name" : "1078", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1078" - }, - { - "name" : "mafia-moblog-big-sql-injection(27000)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27000" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in big.php in Mafia Moblog 0.6M1 and earlier allows remote attackers to execute arbitrary SQL commands via the img parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060608 Mafia Moblog Full Path Disclosure / SQL injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/436410/100/0/threaded" + }, + { + "name": "1078", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1078" + }, + { + "name": "ADV-2006-2249", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2249" + }, + { + "name": "18352", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18352" + }, + { + "name": "mafia-moblog-big-sql-injection(27000)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27000" + }, + { + "name": "20529", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20529" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3038.json b/2006/3xxx/CVE-2006-3038.json index fbf22769da3..dc2355e2ae0 100644 --- a/2006/3xxx/CVE-2006-3038.json +++ b/2006/3xxx/CVE-2006-3038.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3038", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in Cescripts Realty Room Rent allows remote attackers to inject arbitrary web script or HTML via the sel_menu parameter. NOTE: the vendor notified CVE on 20060823 that \"All issues concerning this script and others at cescripts.com have been addressed and fixed.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3038", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060611 cescripts.com - XSS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/436805" - }, - { - "name" : "20060823 Bugtraq ID: 18402", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/444136/100/0/threaded" - }, - { - "name" : "20060823 Vendor ACK - CVE-2006-3038 (fwd)", - "refsource" : "VIM", - "url" : "http://www.attrition.org/pipermail/vim/2006-August/000983.html" - }, - { - "name" : "ADV-2006-2344", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2344" - }, - { - "name" : "20586", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20586" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in Cescripts Realty Room Rent allows remote attackers to inject arbitrary web script or HTML via the sel_menu parameter. NOTE: the vendor notified CVE on 20060823 that \"All issues concerning this script and others at cescripts.com have been addressed and fixed.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20586", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20586" + }, + { + "name": "ADV-2006-2344", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2344" + }, + { + "name": "20060823 Vendor ACK - CVE-2006-3038 (fwd)", + "refsource": "VIM", + "url": "http://www.attrition.org/pipermail/vim/2006-August/000983.html" + }, + { + "name": "20060823 Bugtraq ID: 18402", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/444136/100/0/threaded" + }, + { + "name": "20060611 cescripts.com - XSS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/436805" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6187.json b/2006/6xxx/CVE-2006-6187.json index 4836b862946..273bd7d5d91 100644 --- a/2006/6xxx/CVE-2006-6187.json +++ b/2006/6xxx/CVE-2006-6187.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6187", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in ClickTech Click Gallery allow remote attackers to execute arbitrary SQL commands via the (1) currentpage or (2) gallery_id parameter to (a) view_gallery.asp, the (3) image_id parameter to (b) download_image.asp, the currentpage or (5) orderby parameter to (c) gallery.asp, or the currentpage parameter to (d) view_recent.asp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6187", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061126 ClickGallery Sql Injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/452733/100/0/threaded" - }, - { - "name" : "http://www.aria-security.com/forum/showthread.php?t=49", - "refsource" : "MISC", - "url" : "http://www.aria-security.com/forum/showthread.php?t=49" - }, - { - "name" : "21311", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21311" - }, - { - "name" : "ADV-2006-4743", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4743" - }, - { - "name" : "23136", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23136" - }, - { - "name" : "1937", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1937" - }, - { - "name" : "clickgallery-multiple-scripts-sql-injection(30535)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30535" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in ClickTech Click Gallery allow remote attackers to execute arbitrary SQL commands via the (1) currentpage or (2) gallery_id parameter to (a) view_gallery.asp, the (3) image_id parameter to (b) download_image.asp, the currentpage or (5) orderby parameter to (c) gallery.asp, or the currentpage parameter to (d) view_recent.asp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.aria-security.com/forum/showthread.php?t=49", + "refsource": "MISC", + "url": "http://www.aria-security.com/forum/showthread.php?t=49" + }, + { + "name": "23136", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23136" + }, + { + "name": "1937", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1937" + }, + { + "name": "20061126 ClickGallery Sql Injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/452733/100/0/threaded" + }, + { + "name": "21311", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21311" + }, + { + "name": "ADV-2006-4743", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4743" + }, + { + "name": "clickgallery-multiple-scripts-sql-injection(30535)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30535" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6260.json b/2006/6xxx/CVE-2006-6260.json index 40c87803971..18816bf5a17 100644 --- a/2006/6xxx/CVE-2006-6260.json +++ b/2006/6xxx/CVE-2006-6260.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6260", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in login.asp in Redbinaria Sistema Integrado de Administracion de Portales (SIAP) allows remote attackers to execute arbitrary SQL commands via the username parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6260", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061125 Siap Cms Sql Injection (login.asp)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/452642/100/0/threaded" - }, - { - "name" : "21346", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21346" - }, - { - "name" : "21286", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21286" - }, - { - "name" : "1957", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1957" - }, - { - "name" : "siap-login-sql-injection(30484)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30484" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in login.asp in Redbinaria Sistema Integrado de Administracion de Portales (SIAP) allows remote attackers to execute arbitrary SQL commands via the username parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20061125 Siap Cms Sql Injection (login.asp)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/452642/100/0/threaded" + }, + { + "name": "21286", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21286" + }, + { + "name": "siap-login-sql-injection(30484)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30484" + }, + { + "name": "21346", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21346" + }, + { + "name": "1957", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1957" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6472.json b/2006/6xxx/CVE-2006-6472.json index 0b8063781c8..2ec415ecd0a 100644 --- a/2006/6xxx/CVE-2006-6472.json +++ b/2006/6xxx/CVE-2006-6472.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6472", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The httpd.conf file in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 configures port 443 to be always active, which has unknown impact and remote attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6472", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.xerox.com/downloads/usa/en/c/cert_XRX06_004_v11.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.xerox.com/downloads/usa/en/c/cert_XRX06_004_v11.pdf" - }, - { - "name" : "23265", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23265" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The httpd.conf file in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 configures port 443 to be always active, which has unknown impact and remote attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "23265", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23265" + }, + { + "name": "http://www.xerox.com/downloads/usa/en/c/cert_XRX06_004_v11.pdf", + "refsource": "CONFIRM", + "url": "http://www.xerox.com/downloads/usa/en/c/cert_XRX06_004_v11.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6545.json b/2006/6xxx/CVE-2006-6545.json index b3e98bbe4c7..ff75042374c 100644 --- a/2006/6xxx/CVE-2006-6545.json +++ b/2006/6xxx/CVE-2006-6545.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6545", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in includes/common.php in the ErrorDocs 1.0.0 and earlier module for mxBB (mx_errordocs) allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6545", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2917", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2917" - }, - { - "name" : "ADV-2006-4947", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4947" - }, - { - "name" : "23298", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23298" - }, - { - "name" : "mxbberrordocs-common-file-include(30820)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30820" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in includes/common.php in the ErrorDocs 1.0.0 and earlier module for mxBB (mx_errordocs) allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "mxbberrordocs-common-file-include(30820)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30820" + }, + { + "name": "ADV-2006-4947", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4947" + }, + { + "name": "2917", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2917" + }, + { + "name": "23298", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23298" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6911.json b/2006/6xxx/CVE-2006-6911.json index 6f4f3971f0a..e6d8e436604 100644 --- a/2006/6xxx/CVE-2006-6911.json +++ b/2006/6xxx/CVE-2006-6911.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6911", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in search.asp in Digitizing Quote And Ordering System 1.0 allows remote authenticated users to execute arbitrary SQL commands via the ordernum parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6911", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3089", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3089" - }, - { - "name" : "31689", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/31689" - }, - { - "name" : "23652", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23652" - }, - { - "name" : "qos-search-sql-injection(31318)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31318" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in search.asp in Digitizing Quote And Ordering System 1.0 allows remote authenticated users to execute arbitrary SQL commands via the ordernum parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "23652", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23652" + }, + { + "name": "3089", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3089" + }, + { + "name": "31689", + "refsource": "OSVDB", + "url": "http://osvdb.org/31689" + }, + { + "name": "qos-search-sql-injection(31318)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31318" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0372.json b/2011/0xxx/CVE-2011-0372.json index a8131126a22..58fd09b3b2a 100644 --- a/2011/0xxx/CVE-2011-0372.json +++ b/2011/0xxx/CVE-2011-0372.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0372", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The CGI implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x allows remote attackers to execute arbitrary commands via a malformed request, related to \"command injection vulnerabilities,\" aka Bug ID CSCtb31640." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2011-0372", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110223 Multiple Vulnerabilities in Cisco TelePresence Endpoint Devices", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e152.shtml" - }, - { - "name" : "1025112", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025112" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The CGI implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x allows remote attackers to execute arbitrary commands via a malformed request, related to \"command injection vulnerabilities,\" aka Bug ID CSCtb31640." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1025112", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025112" + }, + { + "name": "20110223 Multiple Vulnerabilities in Cisco TelePresence Endpoint Devices", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e152.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0529.json b/2011/0xxx/CVE-2011-0529.json index ce2618f8b56..76874b3ced9 100644 --- a/2011/0xxx/CVE-2011-0529.json +++ b/2011/0xxx/CVE-2011-0529.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0529", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0529", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0612.json b/2011/0xxx/CVE-2011-0612.json index 018ca52ea2e..8072c406cb1 100644 --- a/2011/0xxx/CVE-2011-0612.json +++ b/2011/0xxx/CVE-2011-0612.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0612", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Media Server (FMS) before 3.5.6, and 4.x before 4.0.2, allows remote attackers to cause a denial of service (XML data corruption) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2011-0612", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb11-11.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb11-11.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Media Server (FMS) before 3.5.6, and 4.x before 4.0.2, allows remote attackers to cause a denial of service (XML data corruption) via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.adobe.com/support/security/bulletins/apsb11-11.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb11-11.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0778.json b/2011/0xxx/CVE-2011-0778.json index 3f2680cf45d..240ad496479 100644 --- a/2011/0xxx/CVE-2011-0778.json +++ b/2011/0xxx/CVE-2011-0778.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0778", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome before 9.0.597.84 does not properly restrict drag and drop operations, which might allow remote attackers to bypass the Same Origin Policy via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0778", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=59081", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=59081" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2011/02/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2011/02/stable-channel-update.html" - }, - { - "name" : "DSA-2166", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2166" - }, - { - "name" : "DSA-2188", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2188" - }, - { - "name" : "SUSE-SR:2011:009", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html" - }, - { - "name" : "oval:org.mitre.oval:def:14228", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14228" - }, - { - "name" : "43368", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43368" - }, - { - "name" : "ADV-2011-0408", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0408" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome before 9.0.597.84 does not properly restrict drag and drop operations, which might allow remote attackers to bypass the Same Origin Policy via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43368", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43368" + }, + { + "name": "SUSE-SR:2011:009", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html" + }, + { + "name": "oval:org.mitre.oval:def:14228", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14228" + }, + { + "name": "DSA-2166", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2166" + }, + { + "name": "ADV-2011-0408", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0408" + }, + { + "name": "DSA-2188", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2188" + }, + { + "name": "http://googlechromereleases.blogspot.com/2011/02/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2011/02/stable-channel-update.html" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=59081", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=59081" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1943.json b/2011/1xxx/CVE-2011-1943.json index 8ebea499d84..66b7dd8f56f 100644 --- a/2011/1xxx/CVE-2011-1943.json +++ b/2011/1xxx/CVE-2011-1943.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1943", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The destroy_one_secret function in nm-setting-vpn.c in libnm-util in the NetworkManager package 0.8.999-3.git20110526 in Fedora 15 creates a log entry containing a certificate password, which allows local users to obtain sensitive information by reading a log file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-1943", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110531 CVE request: NetworkManager-openvpn logs cert password", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/05/31/6" - }, - { - "name" : "[oss-security] 20110531 Re: CVE request: NetworkManager-openvpn logs cert password", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/05/31/7" - }, - { - "name" : "http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=78ce088843d59d4494965bfc40b30a2e63d065f6", - "refsource" : "CONFIRM", - "url" : "http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=78ce088843d59d4494965bfc40b30a2e63d065f6" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=708876", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=708876" - }, - { - "name" : "FEDORA-2011-7919", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061329.html" - }, - { - "name" : "networkmanager-secret-info-disclosure(68057)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/68057" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The destroy_one_secret function in nm-setting-vpn.c in libnm-util in the NetworkManager package 0.8.999-3.git20110526 in Fedora 15 creates a log entry containing a certificate password, which allows local users to obtain sensitive information by reading a log file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=708876", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=708876" + }, + { + "name": "networkmanager-secret-info-disclosure(68057)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68057" + }, + { + "name": "[oss-security] 20110531 CVE request: NetworkManager-openvpn logs cert password", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/05/31/6" + }, + { + "name": "FEDORA-2011-7919", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061329.html" + }, + { + "name": "http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=78ce088843d59d4494965bfc40b30a2e63d065f6", + "refsource": "CONFIRM", + "url": "http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=78ce088843d59d4494965bfc40b30a2e63d065f6" + }, + { + "name": "[oss-security] 20110531 Re: CVE request: NetworkManager-openvpn logs cert password", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/05/31/7" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2254.json b/2011/2xxx/CVE-2011-2254.json index 2f30f953d7a..366a71094b2 100644 --- a/2011/2xxx/CVE-2011-2254.json +++ b/2011/2xxx/CVE-2011-2254.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2254", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2011-2254", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2634.json b/2011/2xxx/CVE-2011-2634.json index 8ecb30f4d85..136d0912f05 100644 --- a/2011/2xxx/CVE-2011-2634.json +++ b/2011/2xxx/CVE-2011-2634.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2634", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Opera before 11.10 allows remote attackers to hijack (1) searches and (2) customizations via unspecified third party applications." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2634", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.opera.com/docs/changelogs/mac/1110/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/mac/1110/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/unix/1110/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/unix/1110/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/windows/1110/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/windows/1110/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Opera before 11.10 allows remote attackers to hijack (1) searches and (2) customizations via unspecified third party applications." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.opera.com/docs/changelogs/windows/1110/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/windows/1110/" + }, + { + "name": "http://www.opera.com/docs/changelogs/mac/1110/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/mac/1110/" + }, + { + "name": "http://www.opera.com/docs/changelogs/unix/1110/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/unix/1110/" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3037.json b/2011/3xxx/CVE-2011-3037.json index e6cbb0cc3fa..93c8f2ec093 100644 --- a/2011/3xxx/CVE-2011-3037.json +++ b/2011/3xxx/CVE-2011-3037.json @@ -1,157 +1,157 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3037", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome before 17.0.963.65 does not properly perform casts of unspecified variables during the splitting of anonymous blocks, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3037", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=113439", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=113439" - }, - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=114924", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=114924" - }, - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=115028", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=115028" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2012/03/chrome-stable-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2012/03/chrome-stable-update.html" - }, - { - "name" : "http://support.apple.com/kb/HT5400", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5400" - }, - { - "name" : "http://support.apple.com/kb/HT5485", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5485" - }, - { - "name" : "http://support.apple.com/kb/HT5503", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5503" - }, - { - "name" : "APPLE-SA-2012-07-25-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html" - }, - { - "name" : "APPLE-SA-2012-09-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" - }, - { - "name" : "APPLE-SA-2012-09-19-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" - }, - { - "name" : "GLSA-201203-19", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201203-19.xml" - }, - { - "name" : "openSUSE-SU-2012:0374", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00012.html" - }, - { - "name" : "52271", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52271" - }, - { - "name" : "79796", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/79796" - }, - { - "name" : "oval:org.mitre.oval:def:14397", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14397" - }, - { - "name" : "1026759", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026759" - }, - { - "name" : "48527", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48527" - }, - { - "name" : "48419", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48419" - }, - { - "name" : "48265", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48265" - }, - { - "name" : "google-block-splitting-code-exec(73648)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73648" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome before 17.0.963.65 does not properly perform casts of unspecified variables during the splitting of anonymous blocks, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:14397", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14397" + }, + { + "name": "79796", + "refsource": "OSVDB", + "url": "http://osvdb.org/79796" + }, + { + "name": "http://support.apple.com/kb/HT5485", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5485" + }, + { + "name": "APPLE-SA-2012-09-19-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" + }, + { + "name": "http://support.apple.com/kb/HT5503", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5503" + }, + { + "name": "1026759", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026759" + }, + { + "name": "48527", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48527" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=115028", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=115028" + }, + { + "name": "48265", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48265" + }, + { + "name": "48419", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48419" + }, + { + "name": "openSUSE-SU-2012:0374", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00012.html" + }, + { + "name": "APPLE-SA-2012-09-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" + }, + { + "name": "APPLE-SA-2012-07-25-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=113439", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=113439" + }, + { + "name": "52271", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52271" + }, + { + "name": "GLSA-201203-19", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201203-19.xml" + }, + { + "name": "http://support.apple.com/kb/HT5400", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5400" + }, + { + "name": "http://googlechromereleases.blogspot.com/2012/03/chrome-stable-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2012/03/chrome-stable-update.html" + }, + { + "name": "google-block-splitting-code-exec(73648)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73648" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=114924", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=114924" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3180.json b/2011/3xxx/CVE-2011-3180.json index 9c03598cbbe..6903aa5e1a2 100644 --- a/2011/3xxx/CVE-2011-3180.json +++ b/2011/3xxx/CVE-2011-3180.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3180", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "kiwi before 4.98.08, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands via shell metacharacters in the path of an overlay file, related to chown." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3180", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20111102 kiwi shell meta char injection", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/11/02/4" - }, - { - "name" : "https://github.com/openSUSE/kiwi/commit/f0f74b3f6ac6d47f7919aa9db380c0ad41ffe55f#", - "refsource" : "CONFIRM", - "url" : "https://github.com/openSUSE/kiwi/commit/f0f74b3f6ac6d47f7919aa9db380c0ad41ffe55f#" - }, - { - "name" : "SUSE-SU-2011:1324", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00015.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "kiwi before 4.98.08, as used in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1, allows attackers to execute arbitrary commands via shell metacharacters in the path of an overlay file, related to chown." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20111102 kiwi shell meta char injection", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/11/02/4" + }, + { + "name": "https://github.com/openSUSE/kiwi/commit/f0f74b3f6ac6d47f7919aa9db380c0ad41ffe55f#", + "refsource": "CONFIRM", + "url": "https://github.com/openSUSE/kiwi/commit/f0f74b3f6ac6d47f7919aa9db380c0ad41ffe55f#" + }, + { + "name": "SUSE-SU-2011:1324", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00015.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3301.json b/2011/3xxx/CVE-2011-3301.json index d9cfd6a12ab..1424fe40480 100644 --- a/2011/3xxx/CVE-2011-3301.json +++ b/2011/3xxx/CVE-2011-3301.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3301", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services module in Cisco Catalyst 6500 series devices, with software 7.0 before 7.0(8.13), 7.1 and 7.2 before 7.2(5.4), 8.0 before 8.0(5.25), 8.1 and 8.2 before 8.2(5.11), 8.3 before 8.3(2.23), 8.4 before 8.4(2.6), and 8.5 before 8.5(1.1) and Cisco Firewall Services Module (aka FWSM) 3.1 before 3.1(21), 3.2 before 3.2(22), 4.0 before 4.0(16), and 4.1 before 4.1(7) allow remote attackers to cause a denial of service (device reload) via crafted SunRPC traffic, aka Bug IDs CSCtq06062 and CSCtq09986." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2011-3301", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20111005 Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/cisco-sa-20111005-asa.shtml" - }, - { - "name" : "20111005 Multiple Vulnerabilities in Cisco Firewall Services Module", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/cisco-sa-20111005-fwsm.shtml" - }, - { - "name" : "76088", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/76088" - }, - { - "name" : "cisco-sunrpc-inspection-dos(70332)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/70332" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services module in Cisco Catalyst 6500 series devices, with software 7.0 before 7.0(8.13), 7.1 and 7.2 before 7.2(5.4), 8.0 before 8.0(5.25), 8.1 and 8.2 before 8.2(5.11), 8.3 before 8.3(2.23), 8.4 before 8.4(2.6), and 8.5 before 8.5(1.1) and Cisco Firewall Services Module (aka FWSM) 3.1 before 3.1(21), 3.2 before 3.2(22), 4.0 before 4.0(16), and 4.1 before 4.1(7) allow remote attackers to cause a denial of service (device reload) via crafted SunRPC traffic, aka Bug IDs CSCtq06062 and CSCtq09986." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "76088", + "refsource": "OSVDB", + "url": "http://osvdb.org/76088" + }, + { + "name": "cisco-sunrpc-inspection-dos(70332)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70332" + }, + { + "name": "20111005 Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/cisco-sa-20111005-asa.shtml" + }, + { + "name": "20111005 Multiple Vulnerabilities in Cisco Firewall Services Module", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/cisco-sa-20111005-fwsm.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3686.json b/2011/3xxx/CVE-2011-3686.json index 04d9a6a9271..63eb81e5b67 100644 --- a/2011/3xxx/CVE-2011-3686.json +++ b/2011/3xxx/CVE-2011-3686.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3686", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in myAddressBook.asp in Sonexis ConferenceManager 9.2.11.0 and 9.3.14.0 allow remote attackers to inject arbitrary web script or HTML via the (1) fname, (2) lname, (3) email_edit, (4) email, (5) email2, (6) email3, (7) sms, (8) sms_id, or (9) work parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3686", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.solutionary.com/index/SERT/Vuln-Disclosures/Sonexis-XSS-Vulnerabilities.html", - "refsource" : "MISC", - "url" : "http://www.solutionary.com/index/SERT/Vuln-Disclosures/Sonexis-XSS-Vulnerabilities.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in myAddressBook.asp in Sonexis ConferenceManager 9.2.11.0 and 9.3.14.0 allow remote attackers to inject arbitrary web script or HTML via the (1) fname, (2) lname, (3) email_edit, (4) email, (5) email2, (6) email3, (7) sms, (8) sms_id, or (9) work parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.solutionary.com/index/SERT/Vuln-Disclosures/Sonexis-XSS-Vulnerabilities.html", + "refsource": "MISC", + "url": "http://www.solutionary.com/index/SERT/Vuln-Disclosures/Sonexis-XSS-Vulnerabilities.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4041.json b/2011/4xxx/CVE-2011-4041.json index b01f2c852fe..4563309e7da 100644 --- a/2011/4xxx/CVE-2011-4041.json +++ b/2011/4xxx/CVE-2011-4041.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4041", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "webvrpcs.exe in Advantech/BroadWin WebAccess allows remote attackers to execute arbitrary code or obtain a security-code value via a long string in an RPC request to TCP port 4592." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2011-4041", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110322 SCADA Trojans: Attacking the Grid + Advantech vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/517117" - }, - { - "name" : "http://reversemode.com/index.php?option=com_content&task=view&id=72&Itemid=1", - "refsource" : "MISC", - "url" : "http://reversemode.com/index.php?option=com_content&task=view&id=72&Itemid=1" - }, - { - "name" : "http://www.reversemode.com/downloads/Scada_Trojans_Ruben_Rootedcon.pdf", - "refsource" : "MISC", - "url" : "http://www.reversemode.com/downloads/Scada_Trojans_Ruben_Rootedcon.pdf" - }, - { - "name" : "http://www.reversemode.com/downloads/exploit_advantech.zip", - "refsource" : "MISC", - "url" : "http://www.reversemode.com/downloads/exploit_advantech.zip" - }, - { - "name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-11-094-02A.pdf", - "refsource" : "MISC", - "url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-11-094-02A.pdf" - }, - { - "name" : "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-081-01.pdf", - "refsource" : "MISC", - "url" : "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-081-01.pdf" - }, - { - "name" : "47008", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47008" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "webvrpcs.exe in Advantech/BroadWin WebAccess allows remote attackers to execute arbitrary code or obtain a security-code value via a long string in an RPC request to TCP port 4592." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://reversemode.com/index.php?option=com_content&task=view&id=72&Itemid=1", + "refsource": "MISC", + "url": "http://reversemode.com/index.php?option=com_content&task=view&id=72&Itemid=1" + }, + { + "name": "47008", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47008" + }, + { + "name": "http://www.reversemode.com/downloads/exploit_advantech.zip", + "refsource": "MISC", + "url": "http://www.reversemode.com/downloads/exploit_advantech.zip" + }, + { + "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-094-02A.pdf", + "refsource": "MISC", + "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-094-02A.pdf" + }, + { + "name": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-081-01.pdf", + "refsource": "MISC", + "url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-081-01.pdf" + }, + { + "name": "20110322 SCADA Trojans: Attacking the Grid + Advantech vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/517117" + }, + { + "name": "http://www.reversemode.com/downloads/Scada_Trojans_Ruben_Rootedcon.pdf", + "refsource": "MISC", + "url": "http://www.reversemode.com/downloads/Scada_Trojans_Ruben_Rootedcon.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4501.json b/2011/4xxx/CVE-2011-4501.json index e8a144ed930..43a334e16ee 100644 --- a/2011/4xxx/CVE-2011-4501.json +++ b/2011/4xxx/CVE-2011-4501.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4501", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The UPnP IGD implementation in Edimax EdiLinux on the Edimax BR-6104K with firmware before 3.25, Edimax 6114Wg, Canyon-Tech CN-WF512 with firmware 1.83, Canyon-Tech CN-WF514 with firmware 2.08, Sitecom WL-153 with firmware before 1.39, and Sweex LB000021 with firmware 3.15 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an \"external forwarding\" vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4501", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.upnp-hacks.org/devices.html", - "refsource" : "MISC", - "url" : "http://www.upnp-hacks.org/devices.html" - }, - { - "name" : "http://www.upnp-hacks.org/suspect.html", - "refsource" : "MISC", - "url" : "http://www.upnp-hacks.org/suspect.html" - }, - { - "name" : "VU#357851", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/357851" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The UPnP IGD implementation in Edimax EdiLinux on the Edimax BR-6104K with firmware before 3.25, Edimax 6114Wg, Canyon-Tech CN-WF512 with firmware 1.83, Canyon-Tech CN-WF514 with firmware 2.08, Sitecom WL-153 with firmware before 1.39, and Sweex LB000021 with firmware 3.15 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an \"external forwarding\" vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.upnp-hacks.org/devices.html", + "refsource": "MISC", + "url": "http://www.upnp-hacks.org/devices.html" + }, + { + "name": "http://www.upnp-hacks.org/suspect.html", + "refsource": "MISC", + "url": "http://www.upnp-hacks.org/suspect.html" + }, + { + "name": "VU#357851", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/357851" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4701.json b/2011/4xxx/CVE-2011-4701.json index 7a5126c795e..d9ebd4b26cf 100644 --- a/2011/4xxx/CVE-2011-4701.json +++ b/2011/4xxx/CVE-2011-4701.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4701", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The CallConfirm (jp.gr.java_conf.ofnhwx.callconfirm) application 2.0.0 for Android does not properly protect data, which allows remote attackers to read or modify allow/block lists via a crafted application." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4701", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2011-4701-vulnerability-in-CallConfirm.html", - "refsource" : "MISC", - "url" : "http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2011-4701-vulnerability-in-CallConfirm.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The CallConfirm (jp.gr.java_conf.ofnhwx.callconfirm) application 2.0.0 for Android does not properly protect data, which allows remote attackers to read or modify allow/block lists via a crafted application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2011-4701-vulnerability-in-CallConfirm.html", + "refsource": "MISC", + "url": "http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2011-4701-vulnerability-in-CallConfirm.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4727.json b/2011/4xxx/CVE-2011-4727.json index fdf19c552e2..61f7a5b23e2 100644 --- a/2011/4xxx/CVE-2011-4727.json +++ b/2011/4xxx/CVE-2011-4727.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4727", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 does not properly validate string data that is intended for storage in an XML document, which allows remote attackers to cause a denial of service (parsing error) or possibly have unspecified other impact via a crafted REST URL parameter, as demonstrated by parameters to admin/ and certain other files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4727", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://xss.cx/examples/plesk-reports/plesk-redhat-el6-psa-10.2.0-build-1011110331.18-xss-sqli-cwe79-cwe89-javascript-injection-exception-example-poc-report-paros-burp-suite-pro-1.4.1.html", - "refsource" : "MISC", - "url" : "http://xss.cx/examples/plesk-reports/plesk-redhat-el6-psa-10.2.0-build-1011110331.18-xss-sqli-cwe79-cwe89-javascript-injection-exception-example-poc-report-paros-burp-suite-pro-1.4.1.html" - }, - { - "name" : "plesk-server-dos(72332)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72332" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 does not properly validate string data that is intended for storage in an XML document, which allows remote attackers to cause a denial of service (parsing error) or possibly have unspecified other impact via a crafted REST URL parameter, as demonstrated by parameters to admin/ and certain other files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "plesk-server-dos(72332)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72332" + }, + { + "name": "http://xss.cx/examples/plesk-reports/plesk-redhat-el6-psa-10.2.0-build-1011110331.18-xss-sqli-cwe79-cwe89-javascript-injection-exception-example-poc-report-paros-burp-suite-pro-1.4.1.html", + "refsource": "MISC", + "url": "http://xss.cx/examples/plesk-reports/plesk-redhat-el6-psa-10.2.0-build-1011110331.18-xss-sqli-cwe79-cwe89-javascript-injection-exception-example-poc-report-paros-burp-suite-pro-1.4.1.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1070.json b/2013/1xxx/CVE-2013-1070.json index 74f729b8610..90a0a5c591f 100644 --- a/2013/1xxx/CVE-2013-1070.json +++ b/2013/1xxx/CVE-2013-1070.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1070", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the API in Ubuntu Metal as a Service (MaaS) 1.2 and 1.4 allows remote attackers to inject arbitrary web script or HTML via the op parameter to nodes/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@ubuntu.com", + "ID": "CVE-2013-1070", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.launchpad.net/maas/%2Bbug/1251336", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/maas/%2Bbug/1251336" - }, - { - "name" : "USN-2105-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2105-1" - }, - { - "name" : "65575", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/65575" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the API in Ubuntu Metal as a Service (MaaS) 1.2 and 1.4 allows remote attackers to inject arbitrary web script or HTML via the op parameter to nodes/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "65575", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/65575" + }, + { + "name": "USN-2105-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2105-1" + }, + { + "name": "https://bugs.launchpad.net/maas/%2Bbug/1251336", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/maas/%2Bbug/1251336" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1734.json b/2013/1xxx/CVE-2013-1734.json index bef9246d7fa..7a376e4a272 100644 --- a/2013/1xxx/CVE-2013-1734.json +++ b/2013/1xxx/CVE-2013-1734.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1734", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in attachment.cgi in Bugzilla 2.x, 3.x, and 4.0.x before 4.0.11; 4.1.x and 4.2.x before 4.2.7; and 4.3.x and 4.4.x before 4.4.1 allows remote attackers to hijack the authentication of arbitrary users for requests that commit an attachment change via an update action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2013-1734", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.bugzilla.org/security/4.0.10/", - "refsource" : "CONFIRM", - "url" : "http://www.bugzilla.org/security/4.0.10/" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=913904", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=913904" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in attachment.cgi in Bugzilla 2.x, 3.x, and 4.0.x before 4.0.11; 4.1.x and 4.2.x before 4.2.7; and 4.3.x and 4.4.x before 4.4.1 allows remote attackers to hijack the authentication of arbitrary users for requests that commit an attachment change via an update action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=913904", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=913904" + }, + { + "name": "http://www.bugzilla.org/security/4.0.10/", + "refsource": "CONFIRM", + "url": "http://www.bugzilla.org/security/4.0.10/" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5038.json b/2013/5xxx/CVE-2013-5038.json index fd0ab8f9933..4e8181e210c 100644 --- a/2013/5xxx/CVE-2013-5038.json +++ b/2013/5xxx/CVE-2013-5038.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5038", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The HOT HOTBOX router with software 2.1.11 allows remote attackers to bypass authentication by configuring a source IP address that had previously been used for an authenticated session." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5038", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/123901/HOTBOX-2.1.11-CSRF-Traversal-Denial-Of-Service.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/123901/HOTBOX-2.1.11-CSRF-Traversal-Denial-Of-Service.html" - }, - { - "name" : "http://www.youtube.com/watch?v=CPlT09ZIj48", - "refsource" : "MISC", - "url" : "http://www.youtube.com/watch?v=CPlT09ZIj48" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The HOT HOTBOX router with software 2.1.11 allows remote attackers to bypass authentication by configuring a source IP address that had previously been used for an authenticated session." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.youtube.com/watch?v=CPlT09ZIj48", + "refsource": "MISC", + "url": "http://www.youtube.com/watch?v=CPlT09ZIj48" + }, + { + "name": "http://packetstormsecurity.com/files/123901/HOTBOX-2.1.11-CSRF-Traversal-Denial-Of-Service.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/123901/HOTBOX-2.1.11-CSRF-Traversal-Denial-Of-Service.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5122.json b/2013/5xxx/CVE-2013-5122.json index 65b990c4418..e2ddb730c0f 100644 --- a/2013/5xxx/CVE-2013-5122.json +++ b/2013/5xxx/CVE-2013-5122.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5122", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5122", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5812.json b/2013/5xxx/CVE-2013-5812.json index cede8c734b8..53e4f73b739 100644 --- a/2013/5xxx/CVE-2013-5812.json +++ b/2013/5xxx/CVE-2013-5812.json @@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5812", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality and availability via unknown vectors related to Deployment." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-5812", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html" - }, - { - "name" : "http://support.apple.com/kb/HT5982", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5982" - }, - { - "name" : "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-025/index.html", - "refsource" : "CONFIRM", - "url" : "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-025/index.html" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21655201", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21655201" - }, - { - "name" : "APPLE-SA-2013-10-15-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2013/Oct/msg00001.html" - }, - { - "name" : "HPSBUX02943", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=138674031212883&w=2" - }, - { - "name" : "HPSBUX02944", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=138674073720143&w=2" - }, - { - "name" : "RHSA-2013:1440", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1440.html" - }, - { - "name" : "RHSA-2013:1507", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1507.html" - }, - { - "name" : "RHSA-2013:1508", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1508.html" - }, - { - "name" : "RHSA-2013:1793", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1793.html" - }, - { - "name" : "RHSA-2014:0414", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2014:0414" - }, - { - "name" : "SUSE-SU-2013:1677", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00013.html" - }, - { - "name" : "63126", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/63126" - }, - { - "name" : "oval:org.mitre.oval:def:19208", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19208" - }, - { - "name" : "56338", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56338" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality and availability via unknown vectors related to Deployment." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2014:0414", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2014:0414" + }, + { + "name": "63126", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/63126" + }, + { + "name": "RHSA-2013:1440", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1440.html" + }, + { + "name": "RHSA-2013:1508", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1508.html" + }, + { + "name": "SUSE-SU-2013:1677", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00013.html" + }, + { + "name": "HPSBUX02944", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=138674073720143&w=2" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21655201", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21655201" + }, + { + "name": "HPSBUX02943", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=138674031212883&w=2" + }, + { + "name": "RHSA-2013:1793", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1793.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html" + }, + { + "name": "APPLE-SA-2013-10-15-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00001.html" + }, + { + "name": "RHSA-2013:1507", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1507.html" + }, + { + "name": "http://support.apple.com/kb/HT5982", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5982" + }, + { + "name": "56338", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56338" + }, + { + "name": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-025/index.html", + "refsource": "CONFIRM", + "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-025/index.html" + }, + { + "name": "oval:org.mitre.oval:def:19208", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19208" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2074.json b/2014/2xxx/CVE-2014-2074.json index e58c5f946b5..7d9c3a48f84 100644 --- a/2014/2xxx/CVE-2014-2074.json +++ b/2014/2xxx/CVE-2014-2074.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2074", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2074", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2741.json b/2014/2xxx/CVE-2014-2741.json index f15a43d14d7..08f40c54ea3 100644 --- a/2014/2xxx/CVE-2014-2741.json +++ b/2014/2xxx/CVE-2014-2741.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2741", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "nio/XMLLightweightParser.java in Ignite Realtime Openfire before 3.9.2 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XMPP stream, aka an \"xmppbomb\" attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2014-2741", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140407 Re: Possible CVE Request: Uncontrolled Resource Consumption with XMPP-Layer Compression", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2014/04/07/7" - }, - { - "name" : "[oss-security] 20140408 Re: (Openfire M-Link Metronome Prosody Tigase) Possible CVE Request: Uncontrolled Resource Consumption with XMPP-Layer Compression", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2014/04/09/1" - }, - { - "name" : "http://xmpp.org/resources/security-notices/uncontrolled-resource-consumption-with-highly-compressed-xmpp-stanzas/", - "refsource" : "MISC", - "url" : "http://xmpp.org/resources/security-notices/uncontrolled-resource-consumption-with-highly-compressed-xmpp-stanzas/" - }, - { - "name" : "http://community.igniterealtime.org/thread/52317", - "refsource" : "CONFIRM", - "url" : "http://community.igniterealtime.org/thread/52317" - }, - { - "name" : "http://fisheye.igniterealtime.org/changelog/openfiregit?cs=3aec383e07ee893b77396fe946766bbd3758af77", - "refsource" : "CONFIRM", - "url" : "http://fisheye.igniterealtime.org/changelog/openfiregit?cs=3aec383e07ee893b77396fe946766bbd3758af77" - }, - { - "name" : "VU#495476", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/495476" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "nio/XMLLightweightParser.java in Ignite Realtime Openfire before 3.9.2 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XMPP stream, aka an \"xmppbomb\" attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://xmpp.org/resources/security-notices/uncontrolled-resource-consumption-with-highly-compressed-xmpp-stanzas/", + "refsource": "MISC", + "url": "http://xmpp.org/resources/security-notices/uncontrolled-resource-consumption-with-highly-compressed-xmpp-stanzas/" + }, + { + "name": "VU#495476", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/495476" + }, + { + "name": "http://fisheye.igniterealtime.org/changelog/openfiregit?cs=3aec383e07ee893b77396fe946766bbd3758af77", + "refsource": "CONFIRM", + "url": "http://fisheye.igniterealtime.org/changelog/openfiregit?cs=3aec383e07ee893b77396fe946766bbd3758af77" + }, + { + "name": "[oss-security] 20140408 Re: (Openfire M-Link Metronome Prosody Tigase) Possible CVE Request: Uncontrolled Resource Consumption with XMPP-Layer Compression", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2014/04/09/1" + }, + { + "name": "http://community.igniterealtime.org/thread/52317", + "refsource": "CONFIRM", + "url": "http://community.igniterealtime.org/thread/52317" + }, + { + "name": "[oss-security] 20140407 Re: Possible CVE Request: Uncontrolled Resource Consumption with XMPP-Layer Compression", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2014/04/07/7" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2755.json b/2014/2xxx/CVE-2014-2755.json index 5c801038016..84bda8345ed 100644 --- a/2014/2xxx/CVE-2014-2755.json +++ b/2014/2xxx/CVE-2014-2755.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2755", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-1769, CVE-2014-1782, CVE-2014-1785, CVE-2014-2753, CVE-2014-2760, CVE-2014-2761, CVE-2014-2772, and CVE-2014-2776." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-2755", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS14-035", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-035" - }, - { - "name" : "67840", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67840" - }, - { - "name" : "1030370", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030370" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-1769, CVE-2014-1782, CVE-2014-1785, CVE-2014-2753, CVE-2014-2760, CVE-2014-2761, CVE-2014-2772, and CVE-2014-2776." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "67840", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67840" + }, + { + "name": "1030370", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030370" + }, + { + "name": "MS14-035", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-035" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2836.json b/2014/2xxx/CVE-2014-2836.json index 846f4624e10..3a54f99fcaf 100644 --- a/2014/2xxx/CVE-2014-2836.json +++ b/2014/2xxx/CVE-2014-2836.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2836", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2836", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6455.json b/2014/6xxx/CVE-2014-6455.json index 6cfcf27849c..b2b3bd277f1 100644 --- a/2014/6xxx/CVE-2014-6455.json +++ b/2014/6xxx/CVE-2014-6455.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6455", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the SQLJ component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-6455", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" - }, - { - "name" : "70473", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70473" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the SQLJ component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "70473", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70473" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6631.json b/2014/6xxx/CVE-2014-6631.json index e8af2dd4708..4c290b3d5db 100644 --- a/2014/6xxx/CVE-2014-6631.json +++ b/2014/6xxx/CVE-2014-6631.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6631", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in com_media in Joomla! 3.2.x before 3.2.5 and 3.3.x before 3.3.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-6631", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://developer.joomla.org/security/593-20140901-core-xss-vulnerability.html", - "refsource" : "CONFIRM", - "url" : "http://developer.joomla.org/security/593-20140901-core-xss-vulnerability.html" - }, - { - "name" : "61606", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61606" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in com_media in Joomla! 3.2.x before 3.2.5 and 3.3.x before 3.3.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://developer.joomla.org/security/593-20140901-core-xss-vulnerability.html", + "refsource": "CONFIRM", + "url": "http://developer.joomla.org/security/593-20140901-core-xss-vulnerability.html" + }, + { + "name": "61606", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61606" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6901.json b/2014/6xxx/CVE-2014-6901.json index d7e36845187..4b1058758c1 100644 --- a/2014/6xxx/CVE-2014-6901.json +++ b/2014/6xxx/CVE-2014-6901.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6901", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The RADIOS DEL ECUADOR (aka com.nobexinc.wls_87612622.rc) application 3.2.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6901", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#857145", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/857145" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The RADIOS DEL ECUADOR (aka com.nobexinc.wls_87612622.rc) application 3.2.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + }, + { + "name": "VU#857145", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/857145" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7380.json b/2014/7xxx/CVE-2014-7380.json index 18082134ee8..dc8b19ed5d9 100644 --- a/2014/7xxx/CVE-2014-7380.json +++ b/2014/7xxx/CVE-2014-7380.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7380", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Cedar Kiosk (aka com.apps2you.cedarkiosk) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7380", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#921297", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/921297" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Cedar Kiosk (aka com.apps2you.cedarkiosk) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#921297", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/921297" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0431.json b/2017/0xxx/CVE-2017-0431.json index c73a73393c7..b27f36c53ae 100644 --- a/2017/0xxx/CVE-2017-0431.json +++ b/2017/0xxx/CVE-2017-0431.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2017-02-06T00:00:00", - "ID" : "CVE-2017-0431", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-32573899." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2017-02-06T00:00:00", + "ID": "CVE-2017-0431", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-02-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-02-01" - }, - { - "name" : "96068", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96068" - }, - { - "name" : "1037798", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037798" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-32573899." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96068", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96068" + }, + { + "name": "https://source.android.com/security/bulletin/2017-02-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-02-01" + }, + { + "name": "1037798", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037798" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0771.json b/2017/0xxx/CVE-2017-0771.json index 613652e1fa7..0ae9029a60a 100644 --- a/2017/0xxx/CVE-2017-0771.json +++ b/2017/0xxx/CVE-2017-0771.json @@ -1,74 +1,74 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2017-09-05T00:00:00", - "ID" : "CVE-2017-0771", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "7.0" - }, - { - "version_value" : "7.1.1" - }, - { - "version_value" : "7.1.2" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A denial of service vulnerability in the Android media framework (libskia). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-37624243." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of service" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2017-09-05T00:00:00", + "ID": "CVE-2017-0771", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "7.0" + }, + { + "version_value": "7.1.1" + }, + { + "version_value": "7.1.2" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-09-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-09-01" - }, - { - "name" : "100649", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100649" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A denial of service vulnerability in the Android media framework (libskia). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-37624243." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "100649", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100649" + }, + { + "name": "https://source.android.com/security/bulletin/2017-09-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-09-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000111.json b/2017/1000xxx/CVE-2017-1000111.json index 2ffa4b56fae..9188d44a790 100644 --- a/2017/1000xxx/CVE-2017-1000111.json +++ b/2017/1000xxx/CVE-2017-1000111.json @@ -1,99 +1,99 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-08-22T17:29:33.324350", - "ID" : "CVE-2017-1000111", - "REQUESTER" : "willemdebruijn.kernel@gmail.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Linux Kernel", - "version" : { - "version_data" : [ - { - "version_value" : "Linux Kernel since commit 8913336a7e8d (\"packet: add PACKET_RESERVE sockopt\")" - } - ] - } - } - ] - }, - "vendor_name" : "Linux Kernel" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Linux kernel: heap out-of-bounds in AF_PACKET sockets. This new issue is analogous to previously disclosed CVE-2016-8655. In both cases, a socket option that changes socket state may race with safety checks in packet_set_ring. Previously with PACKET_VERSION. This time with PACKET_RESERVE. The solution is similar: lock the socket for the update. This issue may be exploitable, we did not investigate further. As this issue affects PF_PACKET sockets, it requires CAP_NET_RAW in the process namespace. But note that with user namespaces enabled, any process can create a namespace in which it has CAP_NET_RAW." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Heap out-of-bounds" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-08-22T17:29:33.324350", + "ID": "CVE-2017-1000111", + "REQUESTER": "willemdebruijn.kernel@gmail.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://access.redhat.com/security/cve/cve-2017-1000111", - "refsource" : "CONFIRM", - "url" : "https://access.redhat.com/security/cve/cve-2017-1000111" - }, - { - "name" : "DSA-3981", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3981" - }, - { - "name" : "RHSA-2017:3200", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3200" - }, - { - "name" : "RHSA-2017:2918", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2918" - }, - { - "name" : "RHSA-2017:2930", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2930" - }, - { - "name" : "RHSA-2017:2931", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2931" - }, - { - "name" : "100267", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100267" - }, - { - "name" : "1039132", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039132" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Linux kernel: heap out-of-bounds in AF_PACKET sockets. This new issue is analogous to previously disclosed CVE-2016-8655. In both cases, a socket option that changes socket state may race with safety checks in packet_set_ring. Previously with PACKET_VERSION. This time with PACKET_RESERVE. The solution is similar: lock the socket for the update. This issue may be exploitable, we did not investigate further. As this issue affects PF_PACKET sockets, it requires CAP_NET_RAW in the process namespace. But note that with user namespaces enabled, any process can create a namespace in which it has CAP_NET_RAW." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2017:3200", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3200" + }, + { + "name": "100267", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100267" + }, + { + "name": "RHSA-2017:2918", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2918" + }, + { + "name": "RHSA-2017:2931", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2931" + }, + { + "name": "DSA-3981", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3981" + }, + { + "name": "https://access.redhat.com/security/cve/cve-2017-1000111", + "refsource": "CONFIRM", + "url": "https://access.redhat.com/security/cve/cve-2017-1000111" + }, + { + "name": "1039132", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039132" + }, + { + "name": "RHSA-2017:2930", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2930" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000437.json b/2017/1000xxx/CVE-2017-1000437.json index 4accf89ff61..5d3bf5d5180 100644 --- a/2017/1000xxx/CVE-2017-1000437.json +++ b/2017/1000xxx/CVE-2017-1000437.json @@ -1,64 +1,64 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-12-29", - "ID" : "CVE-2017-1000437", - "REQUESTER" : "tylerp96@gmail.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Gravity", - "version" : { - "version_data" : [ - { - "version_value" : "Gravity 1.0" - } - ] - } - } - ] - }, - "vendor_name" : "Creolabs" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Creolabs Gravity 1.0 contains a stack based buffer overflow in the operator_string_add function, resulting in remote code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Buffer Overflow" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-12-29", + "ID": "CVE-2017-1000437", + "REQUESTER": "tylerp96@gmail.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/marcobambini/gravity/issues/186", - "refsource" : "MISC", - "url" : "https://github.com/marcobambini/gravity/issues/186" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Creolabs Gravity 1.0 contains a stack based buffer overflow in the operator_string_add function, resulting in remote code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/marcobambini/gravity/issues/186", + "refsource": "MISC", + "url": "https://github.com/marcobambini/gravity/issues/186" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18183.json b/2017/18xxx/CVE-2017-18183.json index 9644b571b32..8e51205c66a 100644 --- a/2017/18xxx/CVE-2017-18183.json +++ b/2017/18xxx/CVE-2017-18183.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-18183", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in QPDF before 7.0.0. There is an infinite loop in the QPDFWriter::enqueueObject() function in libqpdf/QPDFWriter.cc." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-18183", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/qpdf/qpdf/commit/8249a26d69f72b9cda584c14cc3f12769985e481", - "refsource" : "MISC", - "url" : "https://github.com/qpdf/qpdf/commit/8249a26d69f72b9cda584c14cc3f12769985e481" - }, - { - "name" : "https://github.com/qpdf/qpdf/issues/143", - "refsource" : "MISC", - "url" : "https://github.com/qpdf/qpdf/issues/143" - }, - { - "name" : "USN-3638-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3638-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in QPDF before 7.0.0. There is an infinite loop in the QPDFWriter::enqueueObject() function in libqpdf/QPDFWriter.cc." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/qpdf/qpdf/commit/8249a26d69f72b9cda584c14cc3f12769985e481", + "refsource": "MISC", + "url": "https://github.com/qpdf/qpdf/commit/8249a26d69f72b9cda584c14cc3f12769985e481" + }, + { + "name": "https://github.com/qpdf/qpdf/issues/143", + "refsource": "MISC", + "url": "https://github.com/qpdf/qpdf/issues/143" + }, + { + "name": "USN-3638-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3638-1/" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1652.json b/2017/1xxx/CVE-2017-1652.json index 115c299e985..4462ca3d3cd 100644 --- a/2017/1xxx/CVE-2017-1652.json +++ b/2017/1xxx/CVE-2017-1652.json @@ -1,146 +1,146 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-06-28T00:00:00", - "ID" : "CVE-2017-1652", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Rational Quality Manager", - "version" : { - "version_data" : [ - { - "version_value" : "5.0" - }, - { - "version_value" : "5.0.1" - }, - { - "version_value" : "5.0.2" - }, - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "6.0.2" - }, - { - "version_value" : "6.0.3" - }, - { - "version_value" : "6.0.4" - }, - { - "version_value" : "6.0.5" - } - ] - } - }, - { - "product_name" : "Rational Collaborative Lifecycle Management", - "version" : { - "version_data" : [ - { - "version_value" : "5.0" - }, - { - "version_value" : "5.0.1" - }, - { - "version_value" : "5.0.2" - }, - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "6.0.2" - }, - { - "version_value" : "6.0.3" - }, - { - "version_value" : "6.0.4" - }, - { - "version_value" : "6.0.5" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133263." - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "N", - "AC" : "L", - "AV" : "N", - "C" : "L", - "I" : "L", - "PR" : "L", - "S" : "C", - "SCORE" : "5.400", - "UI" : "R" - }, - "TM" : { - "E" : "H", - "RC" : "C", - "RL" : "O" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-06-28T00:00:00", + "ID": "CVE-2017-1652", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Rational Quality Manager", + "version": { + "version_data": [ + { + "version_value": "5.0" + }, + { + "version_value": "5.0.1" + }, + { + "version_value": "5.0.2" + }, + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "6.0.2" + }, + { + "version_value": "6.0.3" + }, + { + "version_value": "6.0.4" + }, + { + "version_value": "6.0.5" + } + ] + } + }, + { + "product_name": "Rational Collaborative Lifecycle Management", + "version": { + "version_data": [ + { + "version_value": "5.0" + }, + { + "version_value": "5.0.1" + }, + { + "version_value": "5.0.2" + }, + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "6.0.2" + }, + { + "version_value": "6.0.3" + }, + { + "version_value": "6.0.4" + }, + { + "version_value": "6.0.5" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www-prd-trops.events.ibm.com/node/715749", - "refsource" : "CONFIRM", - "url" : "https://www-prd-trops.events.ibm.com/node/715749" - }, - { - "name" : "ibm-rqm-cve20171652-xss(133263)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/133263" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133263." + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "N", + "AC": "L", + "AV": "N", + "C": "L", + "I": "L", + "PR": "L", + "S": "C", + "SCORE": "5.400", + "UI": "R" + }, + "TM": { + "E": "H", + "RC": "C", + "RL": "O" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-rqm-cve20171652-xss(133263)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/133263" + }, + { + "name": "https://www-prd-trops.events.ibm.com/node/715749", + "refsource": "CONFIRM", + "url": "https://www-prd-trops.events.ibm.com/node/715749" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1655.json b/2017/1xxx/CVE-2017-1655.json index bea10265554..8862c7b6665 100644 --- a/2017/1xxx/CVE-2017-1655.json +++ b/2017/1xxx/CVE-2017-1655.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-03-20T00:00:00", - "ID" : "CVE-2017-1655", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Rational Collaborative Lifecycle Management", - "version" : { - "version_data" : [ - { - "version_value" : "5.0" - }, - { - "version_value" : "5.0.1" - }, - { - "version_value" : "5.0.2" - }, - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "6.0.2" - }, - { - "version_value" : "6.0.3" - }, - { - "version_value" : "6.0.4" - }, - { - "version_value" : "6.0.5" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133379." - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "N", - "AC" : "L", - "AV" : "N", - "C" : "L", - "I" : "L", - "PR" : "L", - "S" : "C", - "SCORE" : "5.400", - "UI" : "R" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-03-20T00:00:00", + "ID": "CVE-2017-1655", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Rational Collaborative Lifecycle Management", + "version": { + "version_data": [ + { + "version_value": "5.0" + }, + { + "version_value": "5.0.1" + }, + { + "version_value": "5.0.2" + }, + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "6.0.2" + }, + { + "version_value": "6.0.3" + }, + { + "version_value": "6.0.4" + }, + { + "version_value": "6.0.5" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/133379", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/133379" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22014815", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22014815" - }, - { - "name" : "103477", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103477" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133379." + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "N", + "AC": "L", + "AV": "N", + "C": "L", + "I": "L", + "PR": "L", + "S": "C", + "SCORE": "5.400", + "UI": "R" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "103477", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103477" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22014815", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22014815" + }, + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/133379", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/133379" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1947.json b/2017/1xxx/CVE-2017-1947.json index fc4d3d94a5f..e773aa50d1d 100644 --- a/2017/1xxx/CVE-2017-1947.json +++ b/2017/1xxx/CVE-2017-1947.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1947", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-1947", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4546.json b/2017/4xxx/CVE-2017-4546.json index f07fb54d87d..2d1b1af7112 100644 --- a/2017/4xxx/CVE-2017-4546.json +++ b/2017/4xxx/CVE-2017-4546.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4546", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4546", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4737.json b/2017/4xxx/CVE-2017-4737.json index d9f5f6eb5f5..c86a5f840da 100644 --- a/2017/4xxx/CVE-2017-4737.json +++ b/2017/4xxx/CVE-2017-4737.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4737", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4737", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4786.json b/2017/4xxx/CVE-2017-4786.json index a8a920b7a96..973f182d47a 100644 --- a/2017/4xxx/CVE-2017-4786.json +++ b/2017/4xxx/CVE-2017-4786.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4786", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4786", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4848.json b/2017/4xxx/CVE-2017-4848.json index dec4c9a8d39..c2cec7a9f64 100644 --- a/2017/4xxx/CVE-2017-4848.json +++ b/2017/4xxx/CVE-2017-4848.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4848", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4848", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5690.json b/2017/5xxx/CVE-2017-5690.json index ab5fe5068f7..c7eb0298e36 100644 --- a/2017/5xxx/CVE-2017-5690.json +++ b/2017/5xxx/CVE-2017-5690.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5690", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5690", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file