From a0712e42c88848a5ac2943a42b406796707f72a0 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 01:53:35 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2006/0xxx/CVE-2006-0614.json | 220 +++++++-------- 2006/0xxx/CVE-2006-0666.json | 170 ++++++------ 2006/0xxx/CVE-2006-0937.json | 140 +++++----- 2006/3xxx/CVE-2006-3613.json | 140 +++++----- 2006/3xxx/CVE-2006-3911.json | 240 ++++++++-------- 2006/3xxx/CVE-2006-3932.json | 140 +++++----- 2006/4xxx/CVE-2006-4075.json | 230 ++++++++-------- 2006/4xxx/CVE-2006-4243.json | 34 +-- 2006/4xxx/CVE-2006-4416.json | 230 ++++++++-------- 2006/4xxx/CVE-2006-4417.json | 200 +++++++------- 2006/4xxx/CVE-2006-4635.json | 160 +++++------ 2006/4xxx/CVE-2006-4997.json | 490 ++++++++++++++++----------------- 2006/7xxx/CVE-2006-7143.json | 170 ++++++------ 2010/2xxx/CVE-2010-2026.json | 130 ++++----- 2010/2xxx/CVE-2010-2093.json | 140 +++++----- 2010/2xxx/CVE-2010-2465.json | 200 +++++++------- 2010/2xxx/CVE-2010-2479.json | 190 ++++++------- 2010/2xxx/CVE-2010-2917.json | 170 ++++++------ 2010/3xxx/CVE-2010-3396.json | 150 +++++----- 2010/3xxx/CVE-2010-3399.json | 190 ++++++------- 2010/3xxx/CVE-2010-3438.json | 34 +-- 2010/3xxx/CVE-2010-3738.json | 140 +++++----- 2011/0xxx/CVE-2011-0068.json | 34 +-- 2011/0xxx/CVE-2011-0247.json | 130 ++++----- 2011/0xxx/CVE-2011-0385.json | 160 +++++------ 2011/0xxx/CVE-2011-0687.json | 190 ++++++------- 2011/1xxx/CVE-2011-1003.json | 310 ++++++++++----------- 2011/1xxx/CVE-2011-1336.json | 170 ++++++------ 2011/1xxx/CVE-2011-1912.json | 34 +-- 2011/5xxx/CVE-2011-5094.json | 210 +++++++------- 2014/3xxx/CVE-2014-3049.json | 34 +-- 2014/3xxx/CVE-2014-3075.json | 140 +++++----- 2014/3xxx/CVE-2014-3362.json | 150 +++++----- 2014/3xxx/CVE-2014-3744.json | 160 +++++------ 2014/6xxx/CVE-2014-6463.json | 150 +++++----- 2014/6xxx/CVE-2014-6644.json | 34 +-- 2014/6xxx/CVE-2014-6645.json | 140 +++++----- 2014/7xxx/CVE-2014-7302.json | 34 +-- 2014/7xxx/CVE-2014-7316.json | 140 +++++----- 2014/7xxx/CVE-2014-7622.json | 140 +++++----- 2014/7xxx/CVE-2014-7794.json | 140 +++++----- 2014/7xxx/CVE-2014-7916.json | 130 ++++----- 2014/8xxx/CVE-2014-8209.json | 34 +-- 2014/8xxx/CVE-2014-8235.json | 34 +-- 2016/2xxx/CVE-2016-2205.json | 150 +++++----- 2016/2xxx/CVE-2016-2373.json | 170 ++++++------ 2016/2xxx/CVE-2016-2432.json | 120 ++++---- 2016/2xxx/CVE-2016-2509.json | 130 ++++----- 2016/2xxx/CVE-2016-2990.json | 34 +-- 2016/6xxx/CVE-2016-6281.json | 34 +-- 2016/6xxx/CVE-2016-6530.json | 140 +++++----- 2016/6xxx/CVE-2016-6783.json | 130 ++++----- 2017/18xxx/CVE-2017-18271.json | 140 +++++----- 2017/18xxx/CVE-2017-18275.json | 34 +-- 2017/1xxx/CVE-2017-1448.json | 172 ++++++------ 2017/1xxx/CVE-2017-1687.json | 34 +-- 2017/5xxx/CVE-2017-5064.json | 170 ++++++------ 2017/5xxx/CVE-2017-5270.json | 34 +-- 2017/5xxx/CVE-2017-5578.json | 160 +++++------ 2017/5xxx/CVE-2017-5599.json | 130 ++++----- 2017/5xxx/CVE-2017-5683.json | 120 ++++---- 61 files changed, 4254 insertions(+), 4254 deletions(-) diff --git a/2006/0xxx/CVE-2006-0614.json b/2006/0xxx/CVE-2006-0614.json index d1cdb8f610e..6b9b5d1f930 100644 --- a/2006/0xxx/CVE-2006-0614.json +++ b/2006/0xxx/CVE-2006-0614.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0614", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Sun Java JDK and JRE 5.0 Update 3 and earlier, SDK and JRE 1.3.x through 1.3.1_16 and 1.4.x through 1.4.2_08 allows remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, aka the \"first issue.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0614", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://docs.info.apple.com/article.html?artnum=303658", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=303658" - }, - { - "name" : "GLSA-200602-07", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200602-07.xml" - }, - { - "name" : "102171", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102171-1" - }, - { - "name" : "VU#759996", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/759996" - }, - { - "name" : "ADV-2006-0467", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0467" - }, - { - "name" : "ADV-2006-0828", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0828" - }, - { - "name" : "ADV-2006-1398", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1398" - }, - { - "name" : "1015596", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015596" - }, - { - "name" : "18760", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18760" - }, - { - "name" : "18884", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18884" - }, - { - "name" : "sun-jre-reflection-privilege-elevation(24561)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24561" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Sun Java JDK and JRE 5.0 Update 3 and earlier, SDK and JRE 1.3.x through 1.3.1_16 and 1.4.x through 1.4.2_08 allows remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, aka the \"first issue.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-0828", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0828" + }, + { + "name": "GLSA-200602-07", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200602-07.xml" + }, + { + "name": "1015596", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015596" + }, + { + "name": "ADV-2006-0467", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0467" + }, + { + "name": "18884", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18884" + }, + { + "name": "sun-jre-reflection-privilege-elevation(24561)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24561" + }, + { + "name": "18760", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18760" + }, + { + "name": "VU#759996", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/759996" + }, + { + "name": "ADV-2006-1398", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1398" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=303658", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=303658" + }, + { + "name": "102171", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102171-1" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0666.json b/2006/0xxx/CVE-2006-0666.json index 00628a66955..70b0cfd3886 100644 --- a/2006/0xxx/CVE-2006-0666.json +++ b/2006/0xxx/CVE-2006-0666.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0666", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the (1) unix_mp and (2) unix_64 kernels in IBM AIX 5.3 VRMF 5.3.0.30 through 5.3.0.33 allows local users to cause a denial of service (system crash) via unknown vectors related to EMULATE_VMX." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0666", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "IY79595", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/search.wss?rs=0&q=IY79595&apar=only" - }, - { - "name" : "16624", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16624" - }, - { - "name" : "ADV-2006-0573", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0573" - }, - { - "name" : "23127", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23127" - }, - { - "name" : "18795", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18795" - }, - { - "name" : "aix-kernel-dos(24711)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24711" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the (1) unix_mp and (2) unix_64 kernels in IBM AIX 5.3 VRMF 5.3.0.30 through 5.3.0.33 allows local users to cause a denial of service (system crash) via unknown vectors related to EMULATE_VMX." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "aix-kernel-dos(24711)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24711" + }, + { + "name": "23127", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23127" + }, + { + "name": "16624", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16624" + }, + { + "name": "18795", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18795" + }, + { + "name": "IY79595", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/search.wss?rs=0&q=IY79595&apar=only" + }, + { + "name": "ADV-2006-0573", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0573" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0937.json b/2006/0xxx/CVE-2006-0937.json index fc41c1b177e..7b73555024c 100644 --- a/2006/0xxx/CVE-2006-0937.json +++ b/2006/0xxx/CVE-2006-0937.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0937", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "U.N.U. Mailgust 1.9 allows remote attackers to obtain sensitive information via a direct request to index.php with method=showfullcsv, which reveals the POP3 server configuration, including account name and password." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0937", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://nsag.ru/vuln/890.html", - "refsource" : "MISC", - "url" : "http://nsag.ru/vuln/890.html" - }, - { - "name" : "18998", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18998" - }, - { - "name" : "mailgust-index-info-disclosure(24890)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24890" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "U.N.U. Mailgust 1.9 allows remote attackers to obtain sensitive information via a direct request to index.php with method=showfullcsv, which reveals the POP3 server configuration, including account name and password." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://nsag.ru/vuln/890.html", + "refsource": "MISC", + "url": "http://nsag.ru/vuln/890.html" + }, + { + "name": "18998", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18998" + }, + { + "name": "mailgust-index-info-disclosure(24890)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24890" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3613.json b/2006/3xxx/CVE-2006-3613.json index 611b8e2347a..aa1a0adc052 100644 --- a/2006/3xxx/CVE-2006-3613.json +++ b/2006/3xxx/CVE-2006-3613.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3613", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Chamberland Technology ezWaiter 3.0 Online and possibly Enterprise Software (aka enterprise edition) allow remote attackers to inject arbitrary web script or HTML via the (1) itemfor (aka \"Who is this item for?\") and (2) special (aka \"Special Instructions\") parameters to item.php, which is accessed from showorder.php, or (3) unspecified parameters to the login form at login.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3613", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060630 ezWaiter v3.0 - XSS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/438792/100/0/threaded" - }, - { - "name" : "18746", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18746" - }, - { - "name" : "ezwaiter-input-fields-xss(27587)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27587" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Chamberland Technology ezWaiter 3.0 Online and possibly Enterprise Software (aka enterprise edition) allow remote attackers to inject arbitrary web script or HTML via the (1) itemfor (aka \"Who is this item for?\") and (2) special (aka \"Special Instructions\") parameters to item.php, which is accessed from showorder.php, or (3) unspecified parameters to the login form at login.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ezwaiter-input-fields-xss(27587)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27587" + }, + { + "name": "18746", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18746" + }, + { + "name": "20060630 ezWaiter v3.0 - XSS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/438792/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3911.json b/2006/3xxx/CVE-2006-3911.json index f5e4697c7f7..e5452390033 100644 --- a/2006/3xxx/CVE-2006-3911.json +++ b/2006/3xxx/CVE-2006-3911.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3911", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in OSI Codes PHP Live! 3.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the css_path parameter in (1) help.php and (2) setup/header.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3911", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060724 PHP Live! v3.2 (header.php) Remote File Include Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/440955" - }, - { - "name" : "20061007 PHP Live! <= 3.1 help.php Remote File Inclusion vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/447947/100/200/threaded" - }, - { - "name" : "2060", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2060" - }, - { - "name" : "http://www.neosecurityteam.net/index.php?action=advisories&id=25", - "refsource" : "MISC", - "url" : "http://www.neosecurityteam.net/index.php?action=advisories&id=25" - }, - { - "name" : "19116", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19116" - }, - { - "name" : "ADV-2006-2940", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2940" - }, - { - "name" : "27448", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27448" - }, - { - "name" : "27449", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27449" - }, - { - "name" : "1016581", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016581" - }, - { - "name" : "1017017", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017017" - }, - { - "name" : "21158", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21158" - }, - { - "name" : "1297", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1297" - }, - { - "name" : "phplive-help-setupheader-file-include(27914)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27914" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in OSI Codes PHP Live! 3.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the css_path parameter in (1) help.php and (2) setup/header.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1297", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1297" + }, + { + "name": "27448", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27448" + }, + { + "name": "ADV-2006-2940", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2940" + }, + { + "name": "http://www.neosecurityteam.net/index.php?action=advisories&id=25", + "refsource": "MISC", + "url": "http://www.neosecurityteam.net/index.php?action=advisories&id=25" + }, + { + "name": "20060724 PHP Live! v3.2 (header.php) Remote File Include Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/440955" + }, + { + "name": "21158", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21158" + }, + { + "name": "19116", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19116" + }, + { + "name": "27449", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27449" + }, + { + "name": "2060", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2060" + }, + { + "name": "phplive-help-setupheader-file-include(27914)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27914" + }, + { + "name": "1016581", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016581" + }, + { + "name": "20061007 PHP Live! <= 3.1 help.php Remote File Inclusion vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/447947/100/200/threaded" + }, + { + "name": "1017017", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017017" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3932.json b/2006/3xxx/CVE-2006-3932.json index 267e6d05e71..f1d8970bd93 100644 --- a/2006/3xxx/CVE-2006-3932.json +++ b/2006/3xxx/CVE-2006-3932.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3932", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in links.php in Gonafish LinksCaffe 3.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3932", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "ADV-2006-2983", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2983" - }, - { - "name" : "21212", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21212" - }, - { - "name" : "linkscaffe-links-sql-injection(27961)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27961" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in links.php in Gonafish LinksCaffe 3.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21212", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21212" + }, + { + "name": "ADV-2006-2983", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2983" + }, + { + "name": "linkscaffe-links-sql-injection(27961)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27961" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4075.json b/2006/4xxx/CVE-2006-4075.json index 250237299fe..be308dcf204 100644 --- a/2006/4xxx/CVE-2006-4075.json +++ b/2006/4xxx/CVE-2006-4075.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4075", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in Wim Fleischhauer docpile: wim's edition (docpile:we) 0.2.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the INIT_PATH parameter to (1) lib/folder.class.php, (2) lib/email.inc.php, (3) lib/document.class.php or (4) lib/auth.inc.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4075", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060808 docpile:we v0.2.2 (INIT_PATH) Remote File Inclusion Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/442584/100/0/threaded" - }, - { - "name" : "2146", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2146" - }, - { - "name" : "19428", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19428" - }, - { - "name" : "ADV-2006-3222", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3222" - }, - { - "name" : "27859", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27859" - }, - { - "name" : "27860", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27860" - }, - { - "name" : "27861", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27861" - }, - { - "name" : "27862", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27862" - }, - { - "name" : "1016669", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016669" - }, - { - "name" : "21412", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21412" - }, - { - "name" : "1367", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1367" - }, - { - "name" : "docpilewe-initpath-file-include(28273)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28273" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in Wim Fleischhauer docpile: wim's edition (docpile:we) 0.2.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the INIT_PATH parameter to (1) lib/folder.class.php, (2) lib/email.inc.php, (3) lib/document.class.php or (4) lib/auth.inc.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-3222", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3222" + }, + { + "name": "27862", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27862" + }, + { + "name": "20060808 docpile:we v0.2.2 (INIT_PATH) Remote File Inclusion Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/442584/100/0/threaded" + }, + { + "name": "2146", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2146" + }, + { + "name": "27859", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27859" + }, + { + "name": "1367", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1367" + }, + { + "name": "19428", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19428" + }, + { + "name": "27861", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27861" + }, + { + "name": "docpilewe-initpath-file-include(28273)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28273" + }, + { + "name": "1016669", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016669" + }, + { + "name": "27860", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27860" + }, + { + "name": "21412", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21412" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4243.json b/2006/4xxx/CVE-2006-4243.json index 72f69f94b58..e90753c6b22 100644 --- a/2006/4xxx/CVE-2006-4243.json +++ b/2006/4xxx/CVE-2006-4243.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4243", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4243", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4416.json b/2006/4xxx/CVE-2006-4416.json index d2bf2331c07..4c7c193d836 100644 --- a/2006/4xxx/CVE-2006-4416.json +++ b/2006/4xxx/CVE-2006-4416.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4416", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in the mkvg command in IBM AIX 5.2 and 5.3 allows local users to gain privileges by modifying the path to point to a malicious (1) chdev, (2) mkboot, (3) varyonvg, or (4) varyoffvg program." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4416", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "ftp://aix.software.ibm.com/aix/efixes/security/README", - "refsource" : "CONFIRM", - "url" : "ftp://aix.software.ibm.com/aix/efixes/security/README" - }, - { - "name" : "IY88699", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=isg1IY88699" - }, - { - "name" : "IY88737", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=isg1IY88737" - }, - { - "name" : "IY88722", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=isg1IY88722" - }, - { - "name" : "19708", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19708" - }, - { - "name" : "20197", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20197" - }, - { - "name" : "ADV-2006-3389", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3389" - }, - { - "name" : "ADV-2006-3770", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3770" - }, - { - "name" : "1016920", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016920" - }, - { - "name" : "21620", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21620" - }, - { - "name" : "22106", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22106" - }, - { - "name" : "aix-mkvg-privilege-escalation(29165)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29165" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in the mkvg command in IBM AIX 5.2 and 5.3 allows local users to gain privileges by modifying the path to point to a malicious (1) chdev, (2) mkboot, (3) varyonvg, or (4) varyoffvg program." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "22106", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22106" + }, + { + "name": "aix-mkvg-privilege-escalation(29165)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29165" + }, + { + "name": "1016920", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016920" + }, + { + "name": "20197", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20197" + }, + { + "name": "ADV-2006-3389", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3389" + }, + { + "name": "IY88737", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/docview.wss?uid=isg1IY88737" + }, + { + "name": "21620", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21620" + }, + { + "name": "IY88722", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/docview.wss?uid=isg1IY88722" + }, + { + "name": "19708", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19708" + }, + { + "name": "IY88699", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/docview.wss?uid=isg1IY88699" + }, + { + "name": "ADV-2006-3770", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3770" + }, + { + "name": "ftp://aix.software.ibm.com/aix/efixes/security/README", + "refsource": "CONFIRM", + "url": "ftp://aix.software.ibm.com/aix/efixes/security/README" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4417.json b/2006/4xxx/CVE-2006-4417.json index eaaff340a69..bed42cff078 100644 --- a/2006/4xxx/CVE-2006-4417.json +++ b/2006/4xxx/CVE-2006-4417.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4417", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in edituser.php in Xoops before 2.0.15 allows remote attackers to execute arbitrary SQL commands via the user_avatar parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4417", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060825 Sql injection in Xoops", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/444419/100/0/threaded" - }, - { - "name" : "http://www.hackers.ir/advisories/xoops.html", - "refsource" : "MISC", - "url" : "http://www.hackers.ir/advisories/xoops.html" - }, - { - "name" : "http://devteam.xoops.org/releases/changelog-2.0.15.html", - "refsource" : "CONFIRM", - "url" : "http://devteam.xoops.org/releases/changelog-2.0.15.html" - }, - { - "name" : "19720", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19720" - }, - { - "name" : "ADV-2006-3402", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3402" - }, - { - "name" : "28265", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28265" - }, - { - "name" : "21643", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21643" - }, - { - "name" : "1461", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1461" - }, - { - "name" : "xoops-edituser-sql-injection(28586)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28586" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in edituser.php in Xoops before 2.0.15 allows remote attackers to execute arbitrary SQL commands via the user_avatar parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "xoops-edituser-sql-injection(28586)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28586" + }, + { + "name": "28265", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28265" + }, + { + "name": "http://devteam.xoops.org/releases/changelog-2.0.15.html", + "refsource": "CONFIRM", + "url": "http://devteam.xoops.org/releases/changelog-2.0.15.html" + }, + { + "name": "19720", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19720" + }, + { + "name": "20060825 Sql injection in Xoops", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/444419/100/0/threaded" + }, + { + "name": "http://www.hackers.ir/advisories/xoops.html", + "refsource": "MISC", + "url": "http://www.hackers.ir/advisories/xoops.html" + }, + { + "name": "21643", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21643" + }, + { + "name": "ADV-2006-3402", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3402" + }, + { + "name": "1461", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1461" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4635.json b/2006/4xxx/CVE-2006-4635.json index 32cdb6c05ee..8efa95a1de8 100644 --- a/2006/4xxx/CVE-2006-4635.json +++ b/2006/4xxx/CVE-2006-4635.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4635", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in MySource Classic 2.14.6, and possibly earlier, allows remote authenticated users, with superuser privileges, to inject arbitrary PHP code via unspecified vectors related to the Equation attribute in Web_Extensions - Notitia (I/II). NOTE: due to lack of details, it is not clear whether this issue is file inclusion, static code injection, or another type of issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4635", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://classic.squiz.net/download/changelogs/change_log_2.14.8", - "refsource" : "CONFIRM", - "url" : "http://classic.squiz.net/download/changelogs/change_log_2.14.8" - }, - { - "name" : "19868", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19868" - }, - { - "name" : "ADV-2006-3477", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3477" - }, - { - "name" : "21757", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21757" - }, - { - "name" : "mysource-equation-code-execution(28768)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28768" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in MySource Classic 2.14.6, and possibly earlier, allows remote authenticated users, with superuser privileges, to inject arbitrary PHP code via unspecified vectors related to the Equation attribute in Web_Extensions - Notitia (I/II). NOTE: due to lack of details, it is not clear whether this issue is file inclusion, static code injection, or another type of issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-3477", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3477" + }, + { + "name": "19868", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19868" + }, + { + "name": "mysource-equation-code-execution(28768)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28768" + }, + { + "name": "21757", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21757" + }, + { + "name": "http://classic.squiz.net/download/changelogs/change_log_2.14.8", + "refsource": "CONFIRM", + "url": "http://classic.squiz.net/download/changelogs/change_log_2.14.8" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4997.json b/2006/4xxx/CVE-2006-4997.json index f552856011d..adf563698fc 100644 --- a/2006/4xxx/CVE-2006-4997.json +++ b/2006/4xxx/CVE-2006-4997.json @@ -1,247 +1,247 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4997", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The clip_mkip function in net/atm/clip.c of the ATM subsystem in Linux kernel allows remote attackers to cause a denial of service (panic) via unknown vectors that cause the ATM subsystem to access the memory of socket buffers after they are freed (freed pointer dereference)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4997", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070615 rPSA-2007-0124-1 kernel xen", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/471457" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-249.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-249.htm" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-254.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-254.htm" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2007-078.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2007-078.htm" - }, - { - "name" : "DSA-1233", - "refsource" : "DEBIAN", - "url" : "http://www.us.debian.org/security/2006/dsa-1233" - }, - { - "name" : "DSA-1237", - "refsource" : "DEBIAN", - "url" : "http://www.us.debian.org/security/2006/dsa-1237" - }, - { - "name" : "MDKSA-2006:197", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:197" - }, - { - "name" : "MDKSA-2007:012", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:012" - }, - { - "name" : "MDKSA-2007:025", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:025" - }, - { - "name" : "RHSA-2006:0689", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0689.html" - }, - { - "name" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=206265", - "refsource" : "CONFIRM", - "url" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=206265" - }, - { - "name" : "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=fe26109a9dfd9327fdbe630fc819e1b7450986b2", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=fe26109a9dfd9327fdbe630fc819e1b7450986b2" - }, - { - "name" : "RHSA-2006:0710", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0710.html" - }, - { - "name" : "RHSA-2007:0012", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0012.html" - }, - { - "name" : "RHSA-2007:0013", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2007-0013.html" - }, - { - "name" : "SUSE-SA:2006:079", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_79_kernel.html" - }, - { - "name" : "USN-395-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-395-1" - }, - { - "name" : "20363", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20363" - }, - { - "name" : "oval:org.mitre.oval:def:10388", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10388" - }, - { - "name" : "ADV-2006-3937", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3937" - }, - { - "name" : "ADV-2006-3999", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3999" - }, - { - "name" : "1017526", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017526" - }, - { - "name" : "22253", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22253" - }, - { - "name" : "22279", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22279" - }, - { - "name" : "22292", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22292" - }, - { - "name" : "22497", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22497" - }, - { - "name" : "22762", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22762" - }, - { - "name" : "22945", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22945" - }, - { - "name" : "23064", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23064" - }, - { - "name" : "23370", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23370" - }, - { - "name" : "23384", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23384" - }, - { - "name" : "23395", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23395" - }, - { - "name" : "23788", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23788" - }, - { - "name" : "23752", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23752" - }, - { - "name" : "24288", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24288" - }, - { - "name" : "25691", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25691" - }, - { - "name" : "23474", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23474" - }, - { - "name" : "kernel-clipmkip-dos(29387)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29387" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The clip_mkip function in net/atm/clip.c of the ATM subsystem in Linux kernel allows remote attackers to cause a denial of service (panic) via unknown vectors that cause the ATM subsystem to access the memory of socket buffers after they are freed (freed pointer dereference)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=206265", + "refsource": "CONFIRM", + "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=206265" + }, + { + "name": "20363", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20363" + }, + { + "name": "MDKSA-2007:025", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:025" + }, + { + "name": "SUSE-SA:2006:079", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_79_kernel.html" + }, + { + "name": "22253", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22253" + }, + { + "name": "RHSA-2007:0012", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0012.html" + }, + { + "name": "22279", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22279" + }, + { + "name": "23788", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23788" + }, + { + "name": "22292", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22292" + }, + { + "name": "RHSA-2007:0013", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2007-0013.html" + }, + { + "name": "RHSA-2006:0689", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0689.html" + }, + { + "name": "MDKSA-2007:012", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:012" + }, + { + "name": "1017526", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017526" + }, + { + "name": "23384", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23384" + }, + { + "name": "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=fe26109a9dfd9327fdbe630fc819e1b7450986b2", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=fe26109a9dfd9327fdbe630fc819e1b7450986b2" + }, + { + "name": "23752", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23752" + }, + { + "name": "DSA-1237", + "refsource": "DEBIAN", + "url": "http://www.us.debian.org/security/2006/dsa-1237" + }, + { + "name": "22762", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22762" + }, + { + "name": "24288", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24288" + }, + { + "name": "23474", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23474" + }, + { + "name": "23064", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23064" + }, + { + "name": "DSA-1233", + "refsource": "DEBIAN", + "url": "http://www.us.debian.org/security/2006/dsa-1233" + }, + { + "name": "23370", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23370" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-249.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-249.htm" + }, + { + "name": "ADV-2006-3999", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3999" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2007-078.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-078.htm" + }, + { + "name": "20070615 rPSA-2007-0124-1 kernel xen", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/471457" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-254.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-254.htm" + }, + { + "name": "oval:org.mitre.oval:def:10388", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10388" + }, + { + "name": "22497", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22497" + }, + { + "name": "22945", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22945" + }, + { + "name": "RHSA-2006:0710", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0710.html" + }, + { + "name": "USN-395-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-395-1" + }, + { + "name": "ADV-2006-3937", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3937" + }, + { + "name": "MDKSA-2006:197", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:197" + }, + { + "name": "23395", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23395" + }, + { + "name": "25691", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25691" + }, + { + "name": "kernel-clipmkip-dos(29387)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29387" + } + ] + } +} \ No newline at end of file diff --git a/2006/7xxx/CVE-2006-7143.json b/2006/7xxx/CVE-2006-7143.json index 3f5312a08c9..cd2adf258d2 100644 --- a/2006/7xxx/CVE-2006-7143.json +++ b/2006/7xxx/CVE-2006-7143.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-7143", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Call Center Software 0.93 and earlier allows remote attackers to inject arbitrary web script or HTML via the problem description field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-7143", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061012 MHL-2006-002 Public Advisory: \"Call-Center-Software\" Multiple Security Issues", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/448423/100/0/threaded" - }, - { - "name" : "20061011 MHL-2006-002 Public Advisory: \"Call-Center-Software\" Multiple Security Issues", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0217.html" - }, - { - "name" : "http://www.mayhemiclabs.com/advisories/MHL-2006-002.txt", - "refsource" : "MISC", - "url" : "http://www.mayhemiclabs.com/advisories/MHL-2006-002.txt" - }, - { - "name" : "20474", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20474" - }, - { - "name" : "22365", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22365" - }, - { - "name" : "2389", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2389" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Call Center Software 0.93 and earlier allows remote attackers to inject arbitrary web script or HTML via the problem description field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20061012 MHL-2006-002 Public Advisory: \"Call-Center-Software\" Multiple Security Issues", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/448423/100/0/threaded" + }, + { + "name": "20061011 MHL-2006-002 Public Advisory: \"Call-Center-Software\" Multiple Security Issues", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0217.html" + }, + { + "name": "2389", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2389" + }, + { + "name": "http://www.mayhemiclabs.com/advisories/MHL-2006-002.txt", + "refsource": "MISC", + "url": "http://www.mayhemiclabs.com/advisories/MHL-2006-002.txt" + }, + { + "name": "22365", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22365" + }, + { + "name": "20474", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20474" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2026.json b/2010/2xxx/CVE-2010-2026.json index e2e23ae9e5d..8f1524c2dd0 100644 --- a/2010/2xxx/CVE-2010-2026.json +++ b/2010/2xxx/CVE-2010-2026.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2026", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The web interface on the Cisco Scientific Atlanta WebSTAR DPC2100R2 cable modem with firmware 2.0.2r1256-060303 allows remote attackers to bypass authentication, and reset the modem or replace the firmware, via a direct request to an unspecified page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2026", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100524 Scientific Atlanta DPC2100 WebSTAR Cable Modem vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0322.html" - }, - { - "name" : "40346", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40346" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The web interface on the Cisco Scientific Atlanta WebSTAR DPC2100R2 cable modem with firmware 2.0.2r1256-060303 allows remote attackers to bypass authentication, and reset the modem or replace the firmware, via a direct request to an unspecified page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20100524 Scientific Atlanta DPC2100 WebSTAR Cable Modem vulnerabilities", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0322.html" + }, + { + "name": "40346", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40346" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2093.json b/2010/2xxx/CVE-2010-2093.json index 7b94801e4f7..462551454c4 100644 --- a/2010/2xxx/CVE-2010-2093.json +++ b/2010/2xxx/CVE-2010-2093.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2093", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in the request shutdown functionality in PHP 5.2 before 5.2.13 and 5.3 before 5.3.2 allows context-dependent attackers to cause a denial of service (crash) via a stream context structure that is freed before destruction occurs." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2093", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://php-security.org/2010/05/12/mops-2010-022-php-stream-context-use-after-free-on-request-shutdown-vulnerability/index.html", - "refsource" : "MISC", - "url" : "http://php-security.org/2010/05/12/mops-2010-022-php-stream-context-use-after-free-on-request-shutdown-vulnerability/index.html" - }, - { - "name" : "SUSE-SR:2010:017", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html" - }, - { - "name" : "SUSE-SR:2010:018", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in the request shutdown functionality in PHP 5.2 before 5.2.13 and 5.3 before 5.3.2 allows context-dependent attackers to cause a denial of service (crash) via a stream context structure that is freed before destruction occurs." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://php-security.org/2010/05/12/mops-2010-022-php-stream-context-use-after-free-on-request-shutdown-vulnerability/index.html", + "refsource": "MISC", + "url": "http://php-security.org/2010/05/12/mops-2010-022-php-stream-context-use-after-free-on-request-shutdown-vulnerability/index.html" + }, + { + "name": "SUSE-SR:2010:017", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html" + }, + { + "name": "SUSE-SR:2010:018", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2465.json b/2010/2xxx/CVE-2010-2465.json index b5e2928390d..6ebe1773023 100644 --- a/2010/2xxx/CVE-2010-2465.json +++ b/2010/2xxx/CVE-2010-2465.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2465", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The S2 Security NetBox 2.5, 3.3, and 4.0, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, stores sensitive information under the web root with insufficient access control, which allows remote attackers to download node logs, photographs of persons, and backup files via unspecified HTTP requests." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2465", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blip.tv/file/3414004", - "refsource" : "MISC", - "url" : "http://blip.tv/file/3414004" - }, - { - "name" : "http://www.darkreading.com/blog/archives/2010/04/attacking_door.html", - "refsource" : "MISC", - "url" : "http://www.darkreading.com/blog/archives/2010/04/attacking_door.html" - }, - { - "name" : "http://www.securityinfowatch.com/Executives+Columns+%2526+Features/1316527?pageNum=2", - "refsource" : "MISC", - "url" : "http://www.securityinfowatch.com/Executives+Columns+%2526+Features/1316527?pageNum=2" - }, - { - "name" : "http://www.slideshare.net/shawn_merdinger/we-dont-need-no-stinkin-badges-hacking-electronic-door-access-controllersquot-shawn-merdinger-carolinacon", - "refsource" : "MISC", - "url" : "http://www.slideshare.net/shawn_merdinger/we-dont-need-no-stinkin-badges-hacking-electronic-door-access-controllersquot-shawn-merdinger-carolinacon" - }, - { - "name" : "http://www.kb.cert.org/vuls/id/MAPG-83TQL8", - "refsource" : "CONFIRM", - "url" : "http://www.kb.cert.org/vuls/id/MAPG-83TQL8" - }, - { - "name" : "VU#251133", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/251133" - }, - { - "name" : "41134", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/41134" - }, - { - "name" : "65757", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/65757" - }, - { - "name" : "40374", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40374" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The S2 Security NetBox 2.5, 3.3, and 4.0, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, stores sensitive information under the web root with insufficient access control, which allows remote attackers to download node logs, photographs of persons, and backup files via unspecified HTTP requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.darkreading.com/blog/archives/2010/04/attacking_door.html", + "refsource": "MISC", + "url": "http://www.darkreading.com/blog/archives/2010/04/attacking_door.html" + }, + { + "name": "40374", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40374" + }, + { + "name": "VU#251133", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/251133" + }, + { + "name": "http://www.kb.cert.org/vuls/id/MAPG-83TQL8", + "refsource": "CONFIRM", + "url": "http://www.kb.cert.org/vuls/id/MAPG-83TQL8" + }, + { + "name": "http://www.securityinfowatch.com/Executives+Columns+%2526+Features/1316527?pageNum=2", + "refsource": "MISC", + "url": "http://www.securityinfowatch.com/Executives+Columns+%2526+Features/1316527?pageNum=2" + }, + { + "name": "http://www.slideshare.net/shawn_merdinger/we-dont-need-no-stinkin-badges-hacking-electronic-door-access-controllersquot-shawn-merdinger-carolinacon", + "refsource": "MISC", + "url": "http://www.slideshare.net/shawn_merdinger/we-dont-need-no-stinkin-badges-hacking-electronic-door-access-controllersquot-shawn-merdinger-carolinacon" + }, + { + "name": "65757", + "refsource": "OSVDB", + "url": "http://osvdb.org/65757" + }, + { + "name": "41134", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/41134" + }, + { + "name": "http://blip.tv/file/3414004", + "refsource": "MISC", + "url": "http://blip.tv/file/3414004" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2479.json b/2010/2xxx/CVE-2010-2479.json index 4374ca0e1b1..8ff62af5f51 100644 --- a/2010/2xxx/CVE-2010-2479.json +++ b/2010/2xxx/CVE-2010-2479.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2479", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in HTML Purifier before 4.1.1, as used in Mahara and other products, when the browser is Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-2479", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://htmlpurifier.org/news/2010/0531-4.1.1-released", - "refsource" : "CONFIRM", - "url" : "http://htmlpurifier.org/news/2010/0531-4.1.1-released" - }, - { - "name" : "http://repo.or.cz/w/htmlpurifier.git/commitdiff/18e538317a877a0509ae71a860429c41770da230", - "refsource" : "CONFIRM", - "url" : "http://repo.or.cz/w/htmlpurifier.git/commitdiff/18e538317a877a0509ae71a860429c41770da230" - }, - { - "name" : "http://wiki.mahara.org/Release_Notes/1.0.15", - "refsource" : "CONFIRM", - "url" : "http://wiki.mahara.org/Release_Notes/1.0.15" - }, - { - "name" : "http://wiki.mahara.org/Release_Notes/1.1.9", - "refsource" : "CONFIRM", - "url" : "http://wiki.mahara.org/Release_Notes/1.1.9" - }, - { - "name" : "http://wiki.mahara.org/Release_Notes/1.2.5", - "refsource" : "CONFIRM", - "url" : "http://wiki.mahara.org/Release_Notes/1.2.5" - }, - { - "name" : "41259", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/41259" - }, - { - "name" : "39613", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39613" - }, - { - "name" : "40431", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40431" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in HTML Purifier before 4.1.1, as used in Mahara and other products, when the browser is Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "39613", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39613" + }, + { + "name": "http://wiki.mahara.org/Release_Notes/1.1.9", + "refsource": "CONFIRM", + "url": "http://wiki.mahara.org/Release_Notes/1.1.9" + }, + { + "name": "http://htmlpurifier.org/news/2010/0531-4.1.1-released", + "refsource": "CONFIRM", + "url": "http://htmlpurifier.org/news/2010/0531-4.1.1-released" + }, + { + "name": "41259", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/41259" + }, + { + "name": "http://wiki.mahara.org/Release_Notes/1.2.5", + "refsource": "CONFIRM", + "url": "http://wiki.mahara.org/Release_Notes/1.2.5" + }, + { + "name": "http://repo.or.cz/w/htmlpurifier.git/commitdiff/18e538317a877a0509ae71a860429c41770da230", + "refsource": "CONFIRM", + "url": "http://repo.or.cz/w/htmlpurifier.git/commitdiff/18e538317a877a0509ae71a860429c41770da230" + }, + { + "name": "http://wiki.mahara.org/Release_Notes/1.0.15", + "refsource": "CONFIRM", + "url": "http://wiki.mahara.org/Release_Notes/1.0.15" + }, + { + "name": "40431", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40431" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2917.json b/2010/2xxx/CVE-2010-2917.json index cad097ee0c9..820897348db 100644 --- a/2010/2xxx/CVE-2010-2917.json +++ b/2010/2xxx/CVE-2010-2917.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2917", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in index.php in AJ Square AJ Article 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) emailid, (2) fname, (3) lname, (4) company, (5) address1, (6) address2, (7) city, (8) state, (9) zipcode, (10) phone, and (11) fax parameters in an update action. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2917", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "14354", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/14354" - }, - { - "name" : "http://packetstormsecurity.org/1007-exploits/ajarticle-xss.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1007-exploits/ajarticle-xss.txt" - }, - { - "name" : "41576", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/41576" - }, - { - "name" : "66279", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/66279" - }, - { - "name" : "40560", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40560" - }, - { - "name" : "ajarticle-profile-xss(60357)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60357" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in index.php in AJ Square AJ Article 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) emailid, (2) fname, (3) lname, (4) company, (5) address1, (6) address2, (7) city, (8) state, (9) zipcode, (10) phone, and (11) fax parameters in an update action. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14354", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/14354" + }, + { + "name": "66279", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/66279" + }, + { + "name": "41576", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/41576" + }, + { + "name": "http://packetstormsecurity.org/1007-exploits/ajarticle-xss.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1007-exploits/ajarticle-xss.txt" + }, + { + "name": "40560", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40560" + }, + { + "name": "ajarticle-profile-xss(60357)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60357" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3396.json b/2010/3xxx/CVE-2010-3396.json index 7c6119c71ce..92d532252c0 100644 --- a/2010/3xxx/CVE-2010-3396.json +++ b/2010/3xxx/CVE-2010-3396.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3396", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in kavfm.sys in Kingsoft Antivirus 2010.04.26.648 and earlier allows local users to execute arbitrary code via a long argument to IOCTL 0x80030004. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3396", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "14987", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/14987" - }, - { - "name" : "43173", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/43173" - }, - { - "name" : "oval:org.mitre.oval:def:6650", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6650" - }, - { - "name" : "41393", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41393" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in kavfm.sys in Kingsoft Antivirus 2010.04.26.648 and earlier allows local users to execute arbitrary code via a long argument to IOCTL 0x80030004. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14987", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/14987" + }, + { + "name": "oval:org.mitre.oval:def:6650", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6650" + }, + { + "name": "41393", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41393" + }, + { + "name": "43173", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/43173" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3399.json b/2010/3xxx/CVE-2010-3399.json index fbf30e1fe3e..0bc2f78e115 100644 --- a/2010/3xxx/CVE-2010-3399.json +++ b/2010/3xxx/CVE-2010-3399.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3399", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The js_InitRandom function in the JavaScript implementation in Mozilla Firefox 3.5.10 through 3.5.11, 3.6.4 through 3.6.8, and 4.0 Beta1 uses a context pointer in conjunction with its successor pointer for seeding of a random number generator, which makes it easier for remote attackers to guess the seed value via a brute-force attack, a different vulnerability than CVE-2010-3171." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3399", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100914 New writeup by Amit Klein (Trusteer): \"Cross-domain information leakage in Firefox 3.6.4-3.6.8, Firefox 3.5.10-3.5.11 and Firefox 4.0 Beta1\"", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2010-09/0117.html" - }, - { - "name" : "http://www.trusteer.com/sites/default/files/Cross_domain_Math_Random_leakage_in_FF_3.6.4-3.6.8.pdf", - "refsource" : "MISC", - "url" : "http://www.trusteer.com/sites/default/files/Cross_domain_Math_Random_leakage_in_FF_3.6.4-3.6.8.pdf" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=475585", - "refsource" : "MISC", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=475585" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=577512", - "refsource" : "MISC", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=577512" - }, - { - "name" : "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox", - "refsource" : "CONFIRM", - "url" : "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox" - }, - { - "name" : "oval:org.mitre.oval:def:7598", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7598" - }, - { - "name" : "42867", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42867" - }, - { - "name" : "ADV-2011-0061", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0061" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The js_InitRandom function in the JavaScript implementation in Mozilla Firefox 3.5.10 through 3.5.11, 3.6.4 through 3.6.8, and 4.0 Beta1 uses a context pointer in conjunction with its successor pointer for seeding of a random number generator, which makes it easier for remote attackers to guess the seed value via a brute-force attack, a different vulnerability than CVE-2010-3171." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=475585", + "refsource": "MISC", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=475585" + }, + { + "name": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox", + "refsource": "CONFIRM", + "url": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox" + }, + { + "name": "42867", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42867" + }, + { + "name": "ADV-2011-0061", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0061" + }, + { + "name": "http://www.trusteer.com/sites/default/files/Cross_domain_Math_Random_leakage_in_FF_3.6.4-3.6.8.pdf", + "refsource": "MISC", + "url": "http://www.trusteer.com/sites/default/files/Cross_domain_Math_Random_leakage_in_FF_3.6.4-3.6.8.pdf" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=577512", + "refsource": "MISC", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=577512" + }, + { + "name": "oval:org.mitre.oval:def:7598", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7598" + }, + { + "name": "20100914 New writeup by Amit Klein (Trusteer): \"Cross-domain information leakage in Firefox 3.6.4-3.6.8, Firefox 3.5.10-3.5.11 and Firefox 4.0 Beta1\"", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2010-09/0117.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3438.json b/2010/3xxx/CVE-2010-3438.json index 8b0bbe00700..37d57ae58d9 100644 --- a/2010/3xxx/CVE-2010-3438.json +++ b/2010/3xxx/CVE-2010-3438.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3438", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3438", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3738.json b/2010/3xxx/CVE-2010-3738.json index 12d9e6b878f..3cb807f1814 100644 --- a/2010/3xxx/CVE-2010-3738.json +++ b/2010/3xxx/CVE-2010-3738.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3738", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Security component in IBM DB2 UDB 9.5 before FP6a logs AUDIT events by using a USERID and an AUTHID value corresponding to the instance owner, instead of a USERID and an AUTHID value corresponding to the logged-in user account, which makes it easier for remote authenticated users to execute Audit administration commands without discovery." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3738", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT", - "refsource" : "CONFIRM", - "url" : "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" - }, - { - "name" : "IC65184", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IC65184" - }, - { - "name" : "oval:org.mitre.oval:def:14488", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14488" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Security component in IBM DB2 UDB 9.5 before FP6a logs AUDIT events by using a USERID and an AUTHID value corresponding to the instance owner, instead of a USERID and an AUTHID value corresponding to the logged-in user account, which makes it easier for remote authenticated users to execute Audit administration commands without discovery." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "IC65184", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC65184" + }, + { + "name": "oval:org.mitre.oval:def:14488", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14488" + }, + { + "name": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT", + "refsource": "CONFIRM", + "url": "ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0068.json b/2011/0xxx/CVE-2011-0068.json index 40837614fdb..e738cd6fce8 100644 --- a/2011/0xxx/CVE-2011-0068.json +++ b/2011/0xxx/CVE-2011-0068.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0068", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0068", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0247.json b/2011/0xxx/CVE-2011-0247.json index 4617295a6b2..63d01389177 100644 --- a/2011/0xxx/CVE-2011-0247.json +++ b/2011/0xxx/CVE-2011-0247.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0247", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple stack-based buffer overflows in Apple QuickTime before 7.7 on Windows allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted H.264 movie." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2011-0247", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2011-08-03-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2011//Aug/msg00000.html" - }, - { - "name" : "oval:org.mitre.oval:def:16186", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16186" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple stack-based buffer overflows in Apple QuickTime before 7.7 on Windows allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted H.264 movie." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2011-08-03-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2011//Aug/msg00000.html" + }, + { + "name": "oval:org.mitre.oval:def:16186", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16186" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0385.json b/2011/0xxx/CVE-2011-0385.json index aa3337e7f08..0f929ccca7e 100644 --- a/2011/0xxx/CVE-2011-0385.json +++ b/2011/0xxx/CVE-2011-0385.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0385", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The administrative web interface on Cisco TelePresence Recording Server devices with software 1.6.x and Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x allows remote attackers to create or overwrite arbitrary files, and possibly execute arbitrary code, via a crafted request, aka Bug IDs CSCth85786 and CSCth61065." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2011-0385", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110223 Multiple Vulnerabilities in Cisco TelePresence Multipoint Switch", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e14e.shtml" - }, - { - "name" : "20110223 Multiple Vulnerabilities in Cisco TelePresence Recording Server", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e11d.shtml" - }, - { - "name" : "1025113", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025113" - }, - { - "name" : "1025114", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025114" - }, - { - "name" : "telepresence-interface-file-upload(65604)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65604" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The administrative web interface on Cisco TelePresence Recording Server devices with software 1.6.x and Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x allows remote attackers to create or overwrite arbitrary files, and possibly execute arbitrary code, via a crafted request, aka Bug IDs CSCth85786 and CSCth61065." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20110223 Multiple Vulnerabilities in Cisco TelePresence Recording Server", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e11d.shtml" + }, + { + "name": "telepresence-interface-file-upload(65604)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65604" + }, + { + "name": "1025114", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025114" + }, + { + "name": "20110223 Multiple Vulnerabilities in Cisco TelePresence Multipoint Switch", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e14e.shtml" + }, + { + "name": "1025113", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025113" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0687.json b/2011/0xxx/CVE-2011-0687.json index f1ce42bc6ad..25f7d3891c1 100644 --- a/2011/0xxx/CVE-2011-0687.json +++ b/2011/0xxx/CVE-2011-0687.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0687", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Opera before 11.01 does not properly implement Wireless Application Protocol (WAP) dropdown lists, which allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted WAP document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0687", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.opera.com/docs/changelogs/mac/1101/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/mac/1101/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/unix/1101/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/unix/1101/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/windows/1101/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/windows/1101/" - }, - { - "name" : "46036", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46036" - }, - { - "name" : "70733", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/70733" - }, - { - "name" : "oval:org.mitre.oval:def:12563", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12563" - }, - { - "name" : "43023", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43023" - }, - { - "name" : "ADV-2011-0231", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0231" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Opera before 11.01 does not properly implement Wireless Application Protocol (WAP) dropdown lists, which allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted WAP document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.opera.com/docs/changelogs/windows/1101/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/windows/1101/" + }, + { + "name": "oval:org.mitre.oval:def:12563", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12563" + }, + { + "name": "ADV-2011-0231", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0231" + }, + { + "name": "http://www.opera.com/docs/changelogs/unix/1101/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/unix/1101/" + }, + { + "name": "46036", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46036" + }, + { + "name": "70733", + "refsource": "OSVDB", + "url": "http://osvdb.org/70733" + }, + { + "name": "http://www.opera.com/docs/changelogs/mac/1101/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/mac/1101/" + }, + { + "name": "43023", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43023" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1003.json b/2011/1xxx/CVE-2011-1003.json index 527d954e562..8092f66b629 100644 --- a/2011/1xxx/CVE-2011-1003.json +++ b/2011/1xxx/CVE-2011-1003.json @@ -1,157 +1,157 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1003", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Double free vulnerability in the vba_read_project_strings function in vba_extract.c in libclamav in ClamAV before 0.97 might allow remote attackers to execute arbitrary code via crafted Visual Basic for Applications (VBA) data in a Microsoft Office document. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-1003", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110221 Re: clamav 0.97", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/02/21/4" - }, - { - "name" : "[oss-security] 20110221 clamav 0.97", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/02/21/1" - }, - { - "name" : "http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob;f=ChangeLog;hb=clamav-0.97", - "refsource" : "CONFIRM", - "url" : "http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob;f=ChangeLog;hb=clamav-0.97" - }, - { - "name" : "http://git.clamav.net/gitweb?p=clamav-devel.git;a=commit;h=d21fb8d975f8c9688894a8cef4d50d977022e09f", - "refsource" : "CONFIRM", - "url" : "http://git.clamav.net/gitweb?p=clamav-devel.git;a=commit;h=d21fb8d975f8c9688894a8cef4d50d977022e09f" - }, - { - "name" : "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2486", - "refsource" : "CONFIRM", - "url" : "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2486" - }, - { - "name" : "FEDORA-2011-2741", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055771.html" - }, - { - "name" : "FEDORA-2011-2743", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055777.html" - }, - { - "name" : "MDVA-2011:007", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/en/support/security/advisories/?name=MDVA-2011:007" - }, - { - "name" : "SUSE-SR:2011:005", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html" - }, - { - "name" : "USN-1076-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1076-1" - }, - { - "name" : "46470", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46470" - }, - { - "name" : "70937", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/70937" - }, - { - "name" : "1025100", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1025100" - }, - { - "name" : "43392", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43392" - }, - { - "name" : "43498", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43498" - }, - { - "name" : "43752", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43752" - }, - { - "name" : "ADV-2011-0453", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0453" - }, - { - "name" : "ADV-2011-0458", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0458" - }, - { - "name" : "ADV-2011-0523", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0523" - }, - { - "name" : "clamav-vbareadprojectstrings-dos(65544)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65544" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Double free vulnerability in the vba_read_project_strings function in vba_extract.c in libclamav in ClamAV before 0.97 might allow remote attackers to execute arbitrary code via crafted Visual Basic for Applications (VBA) data in a Microsoft Office document. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1025100", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1025100" + }, + { + "name": "46470", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46470" + }, + { + "name": "http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob;f=ChangeLog;hb=clamav-0.97", + "refsource": "CONFIRM", + "url": "http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob;f=ChangeLog;hb=clamav-0.97" + }, + { + "name": "70937", + "refsource": "OSVDB", + "url": "http://osvdb.org/70937" + }, + { + "name": "[oss-security] 20110221 clamav 0.97", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/02/21/1" + }, + { + "name": "http://git.clamav.net/gitweb?p=clamav-devel.git;a=commit;h=d21fb8d975f8c9688894a8cef4d50d977022e09f", + "refsource": "CONFIRM", + "url": "http://git.clamav.net/gitweb?p=clamav-devel.git;a=commit;h=d21fb8d975f8c9688894a8cef4d50d977022e09f" + }, + { + "name": "clamav-vbareadprojectstrings-dos(65544)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65544" + }, + { + "name": "ADV-2011-0458", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0458" + }, + { + "name": "43752", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43752" + }, + { + "name": "ADV-2011-0453", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0453" + }, + { + "name": "SUSE-SR:2011:005", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html" + }, + { + "name": "MDVA-2011:007", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/en/support/security/advisories/?name=MDVA-2011:007" + }, + { + "name": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2486", + "refsource": "CONFIRM", + "url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2486" + }, + { + "name": "ADV-2011-0523", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0523" + }, + { + "name": "FEDORA-2011-2743", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055777.html" + }, + { + "name": "USN-1076-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1076-1" + }, + { + "name": "[oss-security] 20110221 Re: clamav 0.97", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/02/21/4" + }, + { + "name": "FEDORA-2011-2741", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055771.html" + }, + { + "name": "43392", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43392" + }, + { + "name": "43498", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43498" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1336.json b/2011/1xxx/CVE-2011-1336.json index 6fc8ef85e64..12b41cc9c56 100644 --- a/2011/1xxx/CVE-2011-1336.json +++ b/2011/1xxx/CVE-2011-1336.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1336", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in ALZip 8.21 and earlier allows remote attackers to execute arbitrary code via a crafted mim file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2011-1336", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.altools.jp/ETC/NEWS.aspx?mid=231&vidx=118", - "refsource" : "CONFIRM", - "url" : "http://www.altools.jp/ETC/NEWS.aspx?mid=231&vidx=118" - }, - { - "name" : "http://www.altools.jp/download.aspx", - "refsource" : "CONFIRM", - "url" : "http://www.altools.jp/download.aspx" - }, - { - "name" : "JVN#01547302", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN01547302/index.html" - }, - { - "name" : "JVNDB-2011-000048", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000048" - }, - { - "name" : "48493", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/48493" - }, - { - "name" : "45108", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45108" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in ALZip 8.21 and earlier allows remote attackers to execute arbitrary code via a crafted mim file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVNDB-2011-000048", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000048" + }, + { + "name": "48493", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/48493" + }, + { + "name": "http://www.altools.jp/ETC/NEWS.aspx?mid=231&vidx=118", + "refsource": "CONFIRM", + "url": "http://www.altools.jp/ETC/NEWS.aspx?mid=231&vidx=118" + }, + { + "name": "http://www.altools.jp/download.aspx", + "refsource": "CONFIRM", + "url": "http://www.altools.jp/download.aspx" + }, + { + "name": "45108", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45108" + }, + { + "name": "JVN#01547302", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN01547302/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1912.json b/2011/1xxx/CVE-2011-1912.json index db73e338873..96e61261aef 100644 --- a/2011/1xxx/CVE-2011-1912.json +++ b/2011/1xxx/CVE-2011-1912.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1912", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1912", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5094.json b/2011/5xxx/CVE-2011-5094.json index cddb0960315..ea689d23be3 100644 --- a/2011/5xxx/CVE-2011-5094.json +++ b/2011/5xxx/CVE-2011-5094.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5094", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** Mozilla Network Security Services (NSS) 3.x, with certain settings of the SSL_ENABLE_RENEGOTIATION option, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection, a different vulnerability than CVE-2011-1473. NOTE: it can also be argued that it is the responsibility of server deployments, not a security library, to prevent or limit renegotiation when it is inappropriate within a specific environment." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5094", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110708 SSL renegotiation DoS CVE-2011-1473", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/07/08/2" - }, - { - "name" : "[tls] 20110315 Re: SSL Renegotiation DOS", - "refsource" : "MLIST", - "url" : "http://www.ietf.org/mail-archive/web/tls/current/msg07564.html" - }, - { - "name" : "[tls] 20110315 Re: SSL Renegotiation DOS", - "refsource" : "MLIST", - "url" : "http://www.ietf.org/mail-archive/web/tls/current/msg07567.html" - }, - { - "name" : "[tls] 20110315 SSL Renegotiation DOS", - "refsource" : "MLIST", - "url" : "http://www.ietf.org/mail-archive/web/tls/current/msg07553.html" - }, - { - "name" : "[tls] 20110318 Re: SSL Renegotiation DOS", - "refsource" : "MLIST", - "url" : "http://www.ietf.org/mail-archive/web/tls/current/msg07576.html" - }, - { - "name" : "[tls] 20110318 Re: SSL Renegotiation DOS", - "refsource" : "MLIST", - "url" : "http://www.ietf.org/mail-archive/web/tls/current/msg07577.html" - }, - { - "name" : "http://orchilles.com/2011/03/ssl-renegotiation-dos.html", - "refsource" : "MISC", - "url" : "http://orchilles.com/2011/03/ssl-renegotiation-dos.html" - }, - { - "name" : "http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html", - "refsource" : "MISC", - "url" : "http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html" - }, - { - "name" : "http://www.educatedguesswork.org/2011/10/ssltls_and_computational_dos.html", - "refsource" : "MISC", - "url" : "http://www.educatedguesswork.org/2011/10/ssltls_and_computational_dos.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=707065", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=707065" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** Mozilla Network Security Services (NSS) 3.x, with certain settings of the SSL_ENABLE_RENEGOTIATION option, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection, a different vulnerability than CVE-2011-1473. NOTE: it can also be argued that it is the responsibility of server deployments, not a security library, to prevent or limit renegotiation when it is inappropriate within a specific environment." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html", + "refsource": "MISC", + "url": "http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html" + }, + { + "name": "[tls] 20110315 Re: SSL Renegotiation DOS", + "refsource": "MLIST", + "url": "http://www.ietf.org/mail-archive/web/tls/current/msg07567.html" + }, + { + "name": "[tls] 20110318 Re: SSL Renegotiation DOS", + "refsource": "MLIST", + "url": "http://www.ietf.org/mail-archive/web/tls/current/msg07577.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=707065", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=707065" + }, + { + "name": "http://www.educatedguesswork.org/2011/10/ssltls_and_computational_dos.html", + "refsource": "MISC", + "url": "http://www.educatedguesswork.org/2011/10/ssltls_and_computational_dos.html" + }, + { + "name": "[oss-security] 20110708 SSL renegotiation DoS CVE-2011-1473", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/07/08/2" + }, + { + "name": "[tls] 20110318 Re: SSL Renegotiation DOS", + "refsource": "MLIST", + "url": "http://www.ietf.org/mail-archive/web/tls/current/msg07576.html" + }, + { + "name": "http://orchilles.com/2011/03/ssl-renegotiation-dos.html", + "refsource": "MISC", + "url": "http://orchilles.com/2011/03/ssl-renegotiation-dos.html" + }, + { + "name": "[tls] 20110315 SSL Renegotiation DOS", + "refsource": "MLIST", + "url": "http://www.ietf.org/mail-archive/web/tls/current/msg07553.html" + }, + { + "name": "[tls] 20110315 Re: SSL Renegotiation DOS", + "refsource": "MLIST", + "url": "http://www.ietf.org/mail-archive/web/tls/current/msg07564.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3049.json b/2014/3xxx/CVE-2014-3049.json index 7ffa7a6eb8f..8e81dc47362 100644 --- a/2014/3xxx/CVE-2014-3049.json +++ b/2014/3xxx/CVE-2014-3049.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3049", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3049", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3075.json b/2014/3xxx/CVE-2014-3075.json index b139396f770..d0368cef8f9 100644 --- a/2014/3xxx/CVE-2014-3075.json +++ b/2014/3xxx/CVE-2014-3075.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3075", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 8.5.5 and WebSphere Lombardi Edition 7.2.0.x allows remote authenticated users to inject arbitrary web script or HTML via an uploaded file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-3075", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21679979", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21679979" - }, - { - "name" : "JR50092", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1JR50092" - }, - { - "name" : "ibm-websphere-cve20143075-file-upload(93817)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/93817" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 8.5.5 and WebSphere Lombardi Edition 7.2.0.x allows remote authenticated users to inject arbitrary web script or HTML via an uploaded file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-websphere-cve20143075-file-upload(93817)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93817" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21679979", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21679979" + }, + { + "name": "JR50092", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR50092" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3362.json b/2014/3xxx/CVE-2014-3362.json index 9d2808eea9e..5d71b4da3aa 100644 --- a/2014/3xxx/CVE-2014-3362.json +++ b/2014/3xxx/CVE-2014-3362.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3362", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Memory leak in Cisco TelePresence System Edge MXP Series Software F9.3.3 and earlier allows remote attackers to cause a denial of service (management outage) via multiple TELNET connections, aka Bug ID CSCuo63677." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-3362", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=35674", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=35674" - }, - { - "name" : "20140910 Cisco TelePresence System MXP Series Software Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3362" - }, - { - "name" : "61072", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61072" - }, - { - "name" : "cisco-telepresence-mxp-cve20143362-dos(95883)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95883" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Memory leak in Cisco TelePresence System Edge MXP Series Software F9.3.3 and earlier allows remote attackers to cause a denial of service (management outage) via multiple TELNET connections, aka Bug ID CSCuo63677." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20140910 Cisco TelePresence System MXP Series Software Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3362" + }, + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35674", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35674" + }, + { + "name": "cisco-telepresence-mxp-cve20143362-dos(95883)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95883" + }, + { + "name": "61072", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61072" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3744.json b/2014/3xxx/CVE-2014-3744.json index be625d02dd7..2efbbe8bc0a 100644 --- a/2014/3xxx/CVE-2014-3744.json +++ b/2014/3xxx/CVE-2014-3744.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3744", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the st module before 0.2.5 for Node.js allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in an unspecified path." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3744", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140513 CVE request: various NodeJS module vulnerabilities", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/05/13/1" - }, - { - "name" : "[oss-security] 20140514 Re: CVE request: various NodeJS module vulnerabilities", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/05/15/2" - }, - { - "name" : "https://nodesecurity.io/advisories/st_directory_traversal", - "refsource" : "MISC", - "url" : "https://nodesecurity.io/advisories/st_directory_traversal" - }, - { - "name" : "https://github.com/isaacs/st", - "refsource" : "CONFIRM", - "url" : "https://github.com/isaacs/st" - }, - { - "name" : "67389", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67389" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the st module before 0.2.5 for Node.js allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in an unspecified path." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20140514 Re: CVE request: various NodeJS module vulnerabilities", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/05/15/2" + }, + { + "name": "[oss-security] 20140513 CVE request: various NodeJS module vulnerabilities", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/05/13/1" + }, + { + "name": "https://github.com/isaacs/st", + "refsource": "CONFIRM", + "url": "https://github.com/isaacs/st" + }, + { + "name": "67389", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67389" + }, + { + "name": "https://nodesecurity.io/advisories/st_directory_traversal", + "refsource": "MISC", + "url": "https://nodesecurity.io/advisories/st_directory_traversal" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6463.json b/2014/6xxx/CVE-2014-6463.json index eafc9ec45a7..3ab393af62e 100644 --- a/2014/6xxx/CVE-2014-6463.json +++ b/2014/6xxx/CVE-2014-6463.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6463", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:REPLICATION ROW FORMAT BINARY LOG DML." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-6463", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" - }, - { - "name" : "SUSE-SU-2015:0743", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html" - }, - { - "name" : "70532", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70532" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:REPLICATION ROW FORMAT BINARY LOG DML." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "70532", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70532" + }, + { + "name": "SUSE-SU-2015:0743", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6644.json b/2014/6xxx/CVE-2014-6644.json index f475ac5727a..d795b2ca030 100644 --- a/2014/6xxx/CVE-2014-6644.json +++ b/2014/6xxx/CVE-2014-6644.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6644", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-6644", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6645.json b/2014/6xxx/CVE-2014-6645.json index e80e944066f..be1170c3748 100644 --- a/2014/6xxx/CVE-2014-6645.json +++ b/2014/6xxx/CVE-2014-6645.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6645", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Batch library for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6645", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#438881", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/438881" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Batch library for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#438881", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/438881" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7302.json b/2014/7xxx/CVE-2014-7302.json index 3dfd425dc4c..ccdc631c46e 100644 --- a/2014/7xxx/CVE-2014-7302.json +++ b/2014/7xxx/CVE-2014-7302.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7302", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-7302", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7316.json b/2014/7xxx/CVE-2014-7316.json index 442997bfec0..b6a004a754a 100644 --- a/2014/7xxx/CVE-2014-7316.json +++ b/2014/7xxx/CVE-2014-7316.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7316", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Safe Arrival (aka com.synrevoice.safearrival) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7316", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#987297", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/987297" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Safe Arrival (aka com.synrevoice.safearrival) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + }, + { + "name": "VU#987297", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/987297" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7622.json b/2014/7xxx/CVE-2014-7622.json index 981ed2b686a..0e4a461e7eb 100644 --- a/2014/7xxx/CVE-2014-7622.json +++ b/2014/7xxx/CVE-2014-7622.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7622", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Affinity Mobile ATM Locator (aka com.collegemobile.affinity.locator) application 1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7622", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#970049", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/970049" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Affinity Mobile ATM Locator (aka com.collegemobile.affinity.locator) application 1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#970049", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/970049" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7794.json b/2014/7xxx/CVE-2014-7794.json index 36c3ff15e3b..cd901fc514f 100644 --- a/2014/7xxx/CVE-2014-7794.json +++ b/2014/7xxx/CVE-2014-7794.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7794", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Knights of the Void (aka me.narr8.android.serial.knights_of_the_void) application 2.1.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7794", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#753217", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/753217" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Knights of the Void (aka me.narr8.android.serial.knights_of_the_void) application 2.1.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#753217", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/753217" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7916.json b/2014/7xxx/CVE-2014-7916.json index ccc14071b96..3a9cf01daf8 100644 --- a/2014/7xxx/CVE-2014-7916.json +++ b/2014/7xxx/CVE-2014-7916.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7916", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in SampleTable.cpp in libstagefright in Android before 5.0.0 has unspecified impact and attack vectors, aka internal bug 15342751." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2014-7916", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://events.linuxfoundation.org/sites/events/files/slides/ABS2015.pdf", - "refsource" : "MISC", - "url" : "http://events.linuxfoundation.org/sites/events/files/slides/ABS2015.pdf" - }, - { - "name" : "https://android.googlesource.com/platform/frameworks/av/+/edd4a76eb4747bd19ed122df46fa46b452c12a0d", - "refsource" : "CONFIRM", - "url" : "https://android.googlesource.com/platform/frameworks/av/+/edd4a76eb4747bd19ed122df46fa46b452c12a0d" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in SampleTable.cpp in libstagefright in Android before 5.0.0 has unspecified impact and attack vectors, aka internal bug 15342751." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://events.linuxfoundation.org/sites/events/files/slides/ABS2015.pdf", + "refsource": "MISC", + "url": "http://events.linuxfoundation.org/sites/events/files/slides/ABS2015.pdf" + }, + { + "name": "https://android.googlesource.com/platform/frameworks/av/+/edd4a76eb4747bd19ed122df46fa46b452c12a0d", + "refsource": "CONFIRM", + "url": "https://android.googlesource.com/platform/frameworks/av/+/edd4a76eb4747bd19ed122df46fa46b452c12a0d" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8209.json b/2014/8xxx/CVE-2014-8209.json index bfd8968d5c3..4de19576012 100644 --- a/2014/8xxx/CVE-2014-8209.json +++ b/2014/8xxx/CVE-2014-8209.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8209", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-8209", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8235.json b/2014/8xxx/CVE-2014-8235.json index 6468c30e0a1..e71dbf821bd 100644 --- a/2014/8xxx/CVE-2014-8235.json +++ b/2014/8xxx/CVE-2014-8235.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8235", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-8235", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2205.json b/2016/2xxx/CVE-2016-2205.json index ef7e2a3b18b..c0c8be0b605 100644 --- a/2016/2xxx/CVE-2016-2205.json +++ b/2016/2xxx/CVE-2016-2205.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2205", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the file-download configuration file in the management console in Symantec Workspace Streaming (SWS) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 and Symantec Workspace Virtualization (SWV) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 allows remote authenticated users to read unspecified application files via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@symantec.com", + "ID": "CVE-2016-2205", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160707_00", - "refsource" : "CONFIRM", - "url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160707_00" - }, - { - "name" : "89395", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/89395" - }, - { - "name" : "1036262", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036262" - }, - { - "name" : "1036263", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1036263" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the file-download configuration file in the management console in Symantec Workspace Streaming (SWS) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 and Symantec Workspace Virtualization (SWV) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 allows remote authenticated users to read unspecified application files via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160707_00", + "refsource": "CONFIRM", + "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160707_00" + }, + { + "name": "89395", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/89395" + }, + { + "name": "1036263", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036263" + }, + { + "name": "1036262", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1036262" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2373.json b/2016/2xxx/CVE-2016-2373.json index 1c26e011a69..019d9cbed8e 100644 --- a/2016/2xxx/CVE-2016-2373.json +++ b/2016/2xxx/CVE-2016-2373.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cert@cert.org", - "ID" : "CVE-2016-2373", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Pidgin", - "version" : { - "version_data" : [ - { - "version_value" : "2.10.11" - } - ] - } - } - ] - }, - "vendor_name" : "Pidgin" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious server or user can send an invalid mood to trigger this vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "out-of-bounds read" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2016-2373", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Pidgin", + "version": { + "version_data": [ + { + "version_value": "2.10.11" + } + ] + } + } + ] + }, + "vendor_name": "Pidgin" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.talosintelligence.com/reports/TALOS-2016-0141/", - "refsource" : "MISC", - "url" : "http://www.talosintelligence.com/reports/TALOS-2016-0141/" - }, - { - "name" : "http://www.pidgin.im/news/security/?id=106", - "refsource" : "CONFIRM", - "url" : "http://www.pidgin.im/news/security/?id=106" - }, - { - "name" : "DSA-3620", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3620" - }, - { - "name" : "GLSA-201701-38", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-38" - }, - { - "name" : "USN-3031-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3031-1" - }, - { - "name" : "91335", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/91335" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious server or user can send an invalid mood to trigger this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "out-of-bounds read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.talosintelligence.com/reports/TALOS-2016-0141/", + "refsource": "MISC", + "url": "http://www.talosintelligence.com/reports/TALOS-2016-0141/" + }, + { + "name": "91335", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/91335" + }, + { + "name": "DSA-3620", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3620" + }, + { + "name": "GLSA-201701-38", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-38" + }, + { + "name": "USN-3031-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3031-1" + }, + { + "name": "http://www.pidgin.im/news/security/?id=106", + "refsource": "CONFIRM", + "url": "http://www.pidgin.im/news/security/?id=106" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2432.json b/2016/2xxx/CVE-2016-2432.json index b788c4cf3da..175e71a06f4 100644 --- a/2016/2xxx/CVE-2016-2432.json +++ b/2016/2xxx/CVE-2016-2432.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2432", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Qualcomm TrustZone component in Android before 2016-05-01 on Nexus 6 and Android One devices allows attackers to gain privileges via a crafted application, aka internal bug 25913059." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-2432", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-05-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-05-01.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Qualcomm TrustZone component in Android before 2016-05-01 on Nexus 6 and Android One devices allows attackers to gain privileges via a crafted application, aka internal bug 25913059." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://source.android.com/security/bulletin/2016-05-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-05-01.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2509.json b/2016/2xxx/CVE-2016-2509.json index 54ac343f634..964f0a67535 100644 --- a/2016/2xxx/CVE-2016-2509.json +++ b/2016/2xxx/CVE-2016-2509.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2509", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The password-sync feature on Belden Hirschmann Classic Platform switches L2B before 05.3.07 and L2E, L2P, L3E, and L3P before 09.0.06 sets an SNMP community to the same string as the administrator password, which allows remote attackers to obtain sensitive information by sniffing the network." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2016-2509", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.belden.com/resourcecenter/security/upload/Belden_Security_Advisory_BSECV-2016-2_1v0.pdf", - "refsource" : "CONFIRM", - "url" : "https://www.belden.com/resourcecenter/security/upload/Belden_Security_Advisory_BSECV-2016-2_1v0.pdf" - }, - { - "name" : "VU#507216", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/507216" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The password-sync feature on Belden Hirschmann Classic Platform switches L2B before 05.3.07 and L2E, L2P, L3E, and L3P before 09.0.06 sets an SNMP community to the same string as the administrator password, which allows remote attackers to obtain sensitive information by sniffing the network." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#507216", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/507216" + }, + { + "name": "https://www.belden.com/resourcecenter/security/upload/Belden_Security_Advisory_BSECV-2016-2_1v0.pdf", + "refsource": "CONFIRM", + "url": "https://www.belden.com/resourcecenter/security/upload/Belden_Security_Advisory_BSECV-2016-2_1v0.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2990.json b/2016/2xxx/CVE-2016-2990.json index 6b12b7e3786..f84af2c59c8 100644 --- a/2016/2xxx/CVE-2016-2990.json +++ b/2016/2xxx/CVE-2016-2990.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2990", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2990", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6281.json b/2016/6xxx/CVE-2016-6281.json index 8b0c9e02b1c..4b2099a8370 100644 --- a/2016/6xxx/CVE-2016-6281.json +++ b/2016/6xxx/CVE-2016-6281.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-6281", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-6281", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6530.json b/2016/6xxx/CVE-2016-6530.json index 98191f6ada4..75464d8fde7 100644 --- a/2016/6xxx/CVE-2016-6530.json +++ b/2016/6xxx/CVE-2016-6530.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cert@cert.org", - "ID" : "CVE-2016-6530", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Dentsply Sirona (formerly Schick) CDR Dicom 5 and earlier has default passwords for the sa and cdr accounts, which allows remote attackers to obtain administrative access by leveraging knowledge of these passwords." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2016-6530", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.schickbysirona.com/items.php?itemid=19189", - "refsource" : "CONFIRM", - "url" : "https://www.schickbysirona.com/items.php?itemid=19189" - }, - { - "name" : "VU#548399", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/548399" - }, - { - "name" : "92777", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92777" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Dentsply Sirona (formerly Schick) CDR Dicom 5 and earlier has default passwords for the sa and cdr accounts, which allows remote attackers to obtain administrative access by leveraging knowledge of these passwords." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#548399", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/548399" + }, + { + "name": "https://www.schickbysirona.com/items.php?itemid=19189", + "refsource": "CONFIRM", + "url": "https://www.schickbysirona.com/items.php?itemid=19189" + }, + { + "name": "92777", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92777" + } + ] + } +} \ No newline at end of file diff --git a/2016/6xxx/CVE-2016-6783.json b/2016/6xxx/CVE-2016-6783.json index 73571d63a49..67933d02609 100644 --- a/2016/6xxx/CVE-2016-6783.json +++ b/2016/6xxx/CVE-2016-6783.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2016-6783", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in the MediaTek driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31350044. References: MT-ALPS02943437." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-6783", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2016-12-01.html", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2016-12-01.html" - }, - { - "name" : "94683", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/94683" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in the MediaTek driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31350044. References: MT-ALPS02943437." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2016-12-01.html", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2016-12-01.html" + }, + { + "name": "94683", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/94683" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18271.json b/2017/18xxx/CVE-2017-18271.json index 63a4aeaa52a..72a2fd91792 100644 --- a/2017/18xxx/CVE-2017-18271.json +++ b/2017/18xxx/CVE-2017-18271.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-18271", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted MIFF image file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-18271", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180523 [SECURITY] [DLA 1381-1] imagemagick security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/05/msg00012.html" - }, - { - "name" : "https://github.com/ImageMagick/ImageMagick/issues/911", - "refsource" : "CONFIRM", - "url" : "https://github.com/ImageMagick/ImageMagick/issues/911" - }, - { - "name" : "USN-3681-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3681-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted MIFF image file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[debian-lts-announce] 20180523 [SECURITY] [DLA 1381-1] imagemagick security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00012.html" + }, + { + "name": "USN-3681-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3681-1/" + }, + { + "name": "https://github.com/ImageMagick/ImageMagick/issues/911", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/ImageMagick/issues/911" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18275.json b/2017/18xxx/CVE-2017-18275.json index 6ae103b1c29..1a25ad10a86 100644 --- a/2017/18xxx/CVE-2017-18275.json +++ b/2017/18xxx/CVE-2017-18275.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-18275", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-18275", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1448.json b/2017/1xxx/CVE-2017-1448.json index f5d48d24118..2a99d507fff 100644 --- a/2017/1xxx/CVE-2017-1448.json +++ b/2017/1xxx/CVE-2017-1448.json @@ -1,88 +1,88 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2017-08-04T00:00:00", - "ID" : "CVE-2017-1448", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Emptoris Supplier Lifecycle Management", - "version" : { - "version_data" : [ - { - "version_value" : "10.1.0.0" - }, - { - "version_value" : "10.0.0.0" - }, - { - "version_value" : "10.0.1.0" - }, - { - "version_value" : "10.0.2.0" - }, - { - "version_value" : "10.0.4.0" - }, - { - "version_value" : "10.1.1.0" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 128173." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Access" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2017-08-04T00:00:00", + "ID": "CVE-2017-1448", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Emptoris Supplier Lifecycle Management", + "version": { + "version_data": [ + { + "version_value": "10.1.0.0" + }, + { + "version_value": "10.0.0.0" + }, + { + "version_value": "10.0.1.0" + }, + { + "version_value": "10.0.2.0" + }, + { + "version_value": "10.0.4.0" + }, + { + "version_value": "10.1.1.0" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/128173", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/128173" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22006854", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22006854" - }, - { - "name" : "100222", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100222" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 128173." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Gain Access" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22006854", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22006854" + }, + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128173", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128173" + }, + { + "name": "100222", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100222" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1687.json b/2017/1xxx/CVE-2017-1687.json index fe68501e634..e93f4ce2d31 100644 --- a/2017/1xxx/CVE-2017-1687.json +++ b/2017/1xxx/CVE-2017-1687.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1687", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1687", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5064.json b/2017/5xxx/CVE-2017-5064.json index 9b0e988161e..0b8267242d0 100644 --- a/2017/5xxx/CVE-2017-5064.json +++ b/2017/5xxx/CVE-2017-5064.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-5064", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Google Chrome prior to 58.0.3029.81 for Windows", - "version" : { - "version_data" : [ - { - "version_value" : "Google Chrome prior to 58.0.3029.81 for Windows" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Incorrect handling of DOM changes in Blink in Google Chrome prior to 58.0.3029.81 for Windows allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Object Corruption" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2017-5064", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Google Chrome prior to 58.0.3029.81 for Windows", + "version": { + "version_data": [ + { + "version_value": "Google Chrome prior to 58.0.3029.81 for Windows" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html", - "refsource" : "MISC", - "url" : "https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html" - }, - { - "name" : "https://crbug.com/693974", - "refsource" : "MISC", - "url" : "https://crbug.com/693974" - }, - { - "name" : "GLSA-201705-02", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201705-02" - }, - { - "name" : "RHSA-2017:1124", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1124" - }, - { - "name" : "97939", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97939" - }, - { - "name" : "1038317", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038317" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Incorrect handling of DOM changes in Blink in Google Chrome prior to 58.0.3029.81 for Windows allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Object Corruption" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2017:1124", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1124" + }, + { + "name": "GLSA-201705-02", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201705-02" + }, + { + "name": "1038317", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038317" + }, + { + "name": "https://crbug.com/693974", + "refsource": "MISC", + "url": "https://crbug.com/693974" + }, + { + "name": "https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html", + "refsource": "MISC", + "url": "https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html" + }, + { + "name": "97939", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97939" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5270.json b/2017/5xxx/CVE-2017-5270.json index 0cfc3996f0d..3990a03b07c 100644 --- a/2017/5xxx/CVE-2017-5270.json +++ b/2017/5xxx/CVE-2017-5270.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5270", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5270", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5578.json b/2017/5xxx/CVE-2017-5578.json index f248c0c5a50..1f59b3c9093 100644 --- a/2017/5xxx/CVE-2017-5578.json +++ b/2017/5xxx/CVE-2017-5578.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5578", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Memory leak in the virtio_gpu_resource_attach_backing function in hw/display/virtio-gpu.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (host memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_ATTACH_BACKING commands." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2017-5578", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20170123 CVE request Qemu: display: virtio-gpu: host memory leakage in virtio_gpu_resource_attach_backing", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/01/23/3" - }, - { - "name" : "[oss-security] 20170125 Re: CVE request Qemu: display: virtio-gpu: host memory leakage in virtio_gpu_resource_attach_backing", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/01/25/2" - }, - { - "name" : "http://git.qemu.org/?p=qemu.git;a=commit;h=204f01b30975923c64006f8067f0937b91eea68b", - "refsource" : "CONFIRM", - "url" : "http://git.qemu.org/?p=qemu.git;a=commit;h=204f01b30975923c64006f8067f0937b91eea68b" - }, - { - "name" : "GLSA-201702-28", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201702-28" - }, - { - "name" : "95781", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95781" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Memory leak in the virtio_gpu_resource_attach_backing function in hw/display/virtio-gpu.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (host memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_ATTACH_BACKING commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.qemu.org/?p=qemu.git;a=commit;h=204f01b30975923c64006f8067f0937b91eea68b", + "refsource": "CONFIRM", + "url": "http://git.qemu.org/?p=qemu.git;a=commit;h=204f01b30975923c64006f8067f0937b91eea68b" + }, + { + "name": "95781", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95781" + }, + { + "name": "GLSA-201702-28", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201702-28" + }, + { + "name": "[oss-security] 20170123 CVE request Qemu: display: virtio-gpu: host memory leakage in virtio_gpu_resource_attach_backing", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/01/23/3" + }, + { + "name": "[oss-security] 20170125 Re: CVE request Qemu: display: virtio-gpu: host memory leakage in virtio_gpu_resource_attach_backing", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/01/25/2" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5599.json b/2017/5xxx/CVE-2017-5599.json index 5c6b35f59b2..aeb41366275 100644 --- a/2017/5xxx/CVE-2017-5599.json +++ b/2017/5xxx/CVE-2017-5599.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5599", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. This is a reflected Cross Site Scripting vulnerability which affects the raceMasterList.jsp page within the Patient Portal. Inserted payload is rendered within the Patient Portal and the raceMasterList.jsp page does not require authentication. The vulnerability can be used to extract sensitive information or perform attacks against the user's browser. The vulnerability affects the raceMasterList.jsp page and the following parameter: race." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5599", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://gist.github.com/malerisch/8a2c195f385dff7f935db831a8dc2697", - "refsource" : "MISC", - "url" : "https://gist.github.com/malerisch/8a2c195f385dff7f935db831a8dc2697" - }, - { - "name" : "95835", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95835" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. This is a reflected Cross Site Scripting vulnerability which affects the raceMasterList.jsp page within the Patient Portal. Inserted payload is rendered within the Patient Portal and the raceMasterList.jsp page does not require authentication. The vulnerability can be used to extract sensitive information or perform attacks against the user's browser. The vulnerability affects the raceMasterList.jsp page and the following parameter: race." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95835", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95835" + }, + { + "name": "https://gist.github.com/malerisch/8a2c195f385dff7f935db831a8dc2697", + "refsource": "MISC", + "url": "https://gist.github.com/malerisch/8a2c195f385dff7f935db831a8dc2697" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5683.json b/2017/5xxx/CVE-2017-5683.json index ffc775318ee..f1c87f4787f 100644 --- a/2017/5xxx/CVE-2017-5683.json +++ b/2017/5xxx/CVE-2017-5683.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@intel.com", - "ID" : "CVE-2017-5683", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Intel Hardware Accelerated Execution Manager", - "version" : { - "version_data" : [ - { - "version_value" : "Before v6.0.6" - } - ] - } - } - ] - }, - "vendor_name" : "Intel" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Privilege escalation in IntelHAXM.sys driver in the Intel Hardware Accelerated Execution Manager before version 6.0.6 allows a local user to gain system level access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Privilege Escalation" - } + "CVE_data_meta": { + "ASSIGNER": "secure@intel.com", + "ID": "CVE-2017-5683", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Intel Hardware Accelerated Execution Manager", + "version": { + "version_data": [ + { + "version_value": "Before v6.0.6" + } + ] + } + } + ] + }, + "vendor_name": "Intel" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00072&languageid=en-fr", - "refsource" : "CONFIRM", - "url" : "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00072&languageid=en-fr" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Privilege escalation in IntelHAXM.sys driver in the Intel Hardware Accelerated Execution Manager before version 6.0.6 allows a local user to gain system level access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Privilege Escalation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00072&languageid=en-fr", + "refsource": "CONFIRM", + "url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00072&languageid=en-fr" + } + ] + } +} \ No newline at end of file