From a2c02e25e8b492d2f049f092243a8c4199446a01 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 04:08:09 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2006/0xxx/CVE-2006-0648.json | 190 ++++----- 2006/3xxx/CVE-2006-3128.json | 190 ++++----- 2006/3xxx/CVE-2006-3392.json | 290 ++++++------- 2006/3xxx/CVE-2006-3643.json | 200 ++++----- 2006/3xxx/CVE-2006-3769.json | 220 +++++----- 2006/3xxx/CVE-2006-3872.json | 34 +- 2006/4xxx/CVE-2006-4141.json | 140 +++---- 2006/4xxx/CVE-2006-4162.json | 140 +++---- 2006/4xxx/CVE-2006-4571.json | 680 +++++++++++++++---------------- 2006/4xxx/CVE-2006-4754.json | 180 ++++---- 2006/6xxx/CVE-2006-6099.json | 34 +- 2006/6xxx/CVE-2006-6228.json | 120 +++--- 2006/6xxx/CVE-2006-6757.json | 140 +++---- 2006/6xxx/CVE-2006-6903.json | 140 +++---- 2006/7xxx/CVE-2006-7150.json | 160 ++++---- 2010/2xxx/CVE-2010-2094.json | 200 ++++----- 2010/2xxx/CVE-2010-2130.json | 170 ++++---- 2010/2xxx/CVE-2010-2148.json | 180 ++++---- 2010/2xxx/CVE-2010-2787.json | 220 +++++----- 2011/0xxx/CVE-2011-0046.json | 330 +++++++-------- 2011/0xxx/CVE-2011-0175.json | 130 +++--- 2011/0xxx/CVE-2011-0265.json | 180 ++++---- 2011/0xxx/CVE-2011-0329.json | 150 +++---- 2011/1xxx/CVE-2011-1475.json | 230 +++++------ 2011/1xxx/CVE-2011-1546.json | 210 +++++----- 2011/1xxx/CVE-2011-1741.json | 170 ++++---- 2011/1xxx/CVE-2011-1890.json | 140 +++---- 2011/4xxx/CVE-2011-4013.json | 34 +- 2011/4xxx/CVE-2011-4180.json | 34 +- 2011/4xxx/CVE-2011-4271.json | 34 +- 2011/4xxx/CVE-2011-4958.json | 200 ++++----- 2011/5xxx/CVE-2011-5215.json | 150 +++---- 2014/2xxx/CVE-2014-2302.json | 160 ++++---- 2014/2xxx/CVE-2014-2582.json | 34 +- 2014/2xxx/CVE-2014-2698.json | 34 +- 2014/2xxx/CVE-2014-2962.json | 140 +++---- 2014/3xxx/CVE-2014-3448.json | 34 +- 2014/3xxx/CVE-2014-3779.json | 130 +++--- 2014/3xxx/CVE-2014-3943.json | 160 ++++---- 2014/6xxx/CVE-2014-6294.json | 120 +++--- 2014/6xxx/CVE-2014-6585.json | 380 ++++++++--------- 2014/6xxx/CVE-2014-6811.json | 34 +- 2014/6xxx/CVE-2014-6916.json | 140 +++---- 2014/7xxx/CVE-2014-7073.json | 140 +++---- 2014/7xxx/CVE-2014-7519.json | 140 +++---- 2014/7xxx/CVE-2014-7529.json | 140 +++---- 2014/7xxx/CVE-2014-7852.json | 130 +++--- 2014/7xxx/CVE-2014-7951.json | 34 +- 2014/999xxx/CVE-2014-999999.json | 34 +- 2016/2xxx/CVE-2016-2164.json | 150 +++---- 2016/2xxx/CVE-2016-2240.json | 34 +- 2016/2xxx/CVE-2016-2483.json | 130 +++--- 2017/0xxx/CVE-2017-0193.json | 140 +++---- 2017/0xxx/CVE-2017-0274.json | 140 +++---- 2017/1xxx/CVE-2017-1056.json | 34 +- 2017/1xxx/CVE-2017-1259.json | 34 +- 2017/1xxx/CVE-2017-1834.json | 34 +- 2017/5xxx/CVE-2017-5455.json | 194 ++++----- 2017/5xxx/CVE-2017-5499.json | 130 +++--- 2017/5xxx/CVE-2017-5919.json | 120 +++--- 60 files changed, 4372 insertions(+), 4372 deletions(-) diff --git a/2006/0xxx/CVE-2006-0648.json b/2006/0xxx/CVE-2006-0648.json index 10f92c214b8..9980582268b 100644 --- a/2006/0xxx/CVE-2006-0648.json +++ b/2006/0xxx/CVE-2006-0648.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0648", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in PHP iCalendar 2.0.1, 2.1, and 2.2 allow remote attackers to include arbitrary files via the (1) getdate and possibly other parameters used in the replace_files function in search.php and (2) $file variable as used in the parse function in functions/template.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0648", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060208 [eVuln] PHP iCalendar File Inclusion Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/424424/100/0/threaded" - }, - { - "name" : "http://evuln.com/vulns/70/summary.html", - "refsource" : "MISC", - "url" : "http://evuln.com/vulns/70/summary.html" - }, - { - "name" : "http://phpicalendar.net/forums/viewtopic.php?t=396", - "refsource" : "CONFIRM", - "url" : "http://phpicalendar.net/forums/viewtopic.php?t=396" - }, - { - "name" : "16557", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16557" - }, - { - "name" : "ADV-2006-0493", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0493" - }, - { - "name" : "18778", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18778" - }, - { - "name" : "420", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/420" - }, - { - "name" : "phpicalendar-template-search-file-include(24591)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24591" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in PHP iCalendar 2.0.1, 2.1, and 2.2 allow remote attackers to include arbitrary files via the (1) getdate and possibly other parameters used in the replace_files function in search.php and (2) $file variable as used in the parse function in functions/template.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://evuln.com/vulns/70/summary.html", + "refsource": "MISC", + "url": "http://evuln.com/vulns/70/summary.html" + }, + { + "name": "http://phpicalendar.net/forums/viewtopic.php?t=396", + "refsource": "CONFIRM", + "url": "http://phpicalendar.net/forums/viewtopic.php?t=396" + }, + { + "name": "20060208 [eVuln] PHP iCalendar File Inclusion Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/424424/100/0/threaded" + }, + { + "name": "ADV-2006-0493", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0493" + }, + { + "name": "16557", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16557" + }, + { + "name": "phpicalendar-template-search-file-include(24591)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24591" + }, + { + "name": "420", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/420" + }, + { + "name": "18778", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18778" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3128.json b/2006/3xxx/CVE-2006-3128.json index e58752844b4..6096e2f6521 100644 --- a/2006/3xxx/CVE-2006-3128.json +++ b/2006/3xxx/CVE-2006-3128.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3128", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "choose_file.php in easy-CMS 0.1.2, when mod_mime is installed, does not restrict uploads of filenames with multiple extensions, which allows remote attackers to execute arbitrary PHP code by uploading a PHP file with a GIF file extension, then directly accessing that file in the Repositories directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3128", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060618 Easy CMS 0.1.2 Php Shell Upload Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/437705/100/0/threaded" - }, - { - "name" : "18496", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18496" - }, - { - "name" : "ADV-2006-2419", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2419" - }, - { - "name" : "http://biyosecurity.be/bugs/easycms.txt", - "refsource" : "MISC", - "url" : "http://biyosecurity.be/bugs/easycms.txt" - }, - { - "name" : "26633", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26633" - }, - { - "name" : "1016335", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016335" - }, - { - "name" : "20733", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20733" - }, - { - "name" : "easycms-extensions-file-upload(27281)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27281" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "choose_file.php in easy-CMS 0.1.2, when mod_mime is installed, does not restrict uploads of filenames with multiple extensions, which allows remote attackers to execute arbitrary PHP code by uploading a PHP file with a GIF file extension, then directly accessing that file in the Repositories directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20733", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20733" + }, + { + "name": "20060618 Easy CMS 0.1.2 Php Shell Upload Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/437705/100/0/threaded" + }, + { + "name": "1016335", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016335" + }, + { + "name": "ADV-2006-2419", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2419" + }, + { + "name": "http://biyosecurity.be/bugs/easycms.txt", + "refsource": "MISC", + "url": "http://biyosecurity.be/bugs/easycms.txt" + }, + { + "name": "18496", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18496" + }, + { + "name": "26633", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26633" + }, + { + "name": "easycms-extensions-file-upload(27281)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27281" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3392.json b/2006/3xxx/CVE-2006-3392.json index 7352108b853..785b1195694 100644 --- a/2006/3xxx/CVE-2006-3392.json +++ b/2006/3xxx/CVE-2006-3392.json @@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3392", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Webmin before 1.290 and Usermin before 1.220 calls the simplify_path function before decoding HTML, which allows remote attackers to read arbitrary files, as demonstrated using \"..%01\" sequences, which bypass the removal of \"../\" sequences before bytes such as \"%01\" are removed from the filename. NOTE: This is a different issue than CVE-2006-3274." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3392", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060709 Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/439653/100/0/threaded" - }, - { - "name" : "20060715 Webmin / Usermin Arbitrary File Disclosure Vulnerability Perl", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/440493/100/0/threaded" - }, - { - "name" : "20060710 Re: Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/440125/100/0/threaded" - }, - { - "name" : "20060715 Re: Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/440466/100/0/threaded" - }, - { - "name" : "http://www.webmin.com/changes.html", - "refsource" : "CONFIRM", - "url" : "http://www.webmin.com/changes.html" - }, - { - "name" : "20060630 Webmin traversal - changelog", - "refsource" : "VIM", - "url" : "http://attrition.org/pipermail/vim/2006-June/000912.html" - }, - { - "name" : "20060711 Re: Webmin traversal - changelog", - "refsource" : "VIM", - "url" : "http://attrition.org/pipermail/vim/2006-July/000923.html" - }, - { - "name" : "DSA-1199", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1199" - }, - { - "name" : "GLSA-200608-11", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200608-11.xml" - }, - { - "name" : "MDKSA-2006:125", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:125" - }, - { - "name" : "VU#999601", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/999601" - }, - { - "name" : "18744", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18744" - }, - { - "name" : "ADV-2006-2612", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2612" - }, - { - "name" : "26772", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26772" - }, - { - "name" : "20892", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20892" - }, - { - "name" : "21105", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21105" - }, - { - "name" : "21365", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21365" - }, - { - "name" : "22556", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22556" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Webmin before 1.290 and Usermin before 1.220 calls the simplify_path function before decoding HTML, which allows remote attackers to read arbitrary files, as demonstrated using \"..%01\" sequences, which bypass the removal of \"../\" sequences before bytes such as \"%01\" are removed from the filename. NOTE: This is a different issue than CVE-2006-3274." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21365", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21365" + }, + { + "name": "GLSA-200608-11", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200608-11.xml" + }, + { + "name": "http://www.webmin.com/changes.html", + "refsource": "CONFIRM", + "url": "http://www.webmin.com/changes.html" + }, + { + "name": "20060710 Re: Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/440125/100/0/threaded" + }, + { + "name": "21105", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21105" + }, + { + "name": "18744", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18744" + }, + { + "name": "20060715 Webmin / Usermin Arbitrary File Disclosure Vulnerability Perl", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/440493/100/0/threaded" + }, + { + "name": "20060715 Re: Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/440466/100/0/threaded" + }, + { + "name": "VU#999601", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/999601" + }, + { + "name": "DSA-1199", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1199" + }, + { + "name": "20060630 Webmin traversal - changelog", + "refsource": "VIM", + "url": "http://attrition.org/pipermail/vim/2006-June/000912.html" + }, + { + "name": "20892", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20892" + }, + { + "name": "MDKSA-2006:125", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:125" + }, + { + "name": "ADV-2006-2612", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2612" + }, + { + "name": "20060709 Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/439653/100/0/threaded" + }, + { + "name": "26772", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26772" + }, + { + "name": "22556", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22556" + }, + { + "name": "20060711 Re: Webmin traversal - changelog", + "refsource": "VIM", + "url": "http://attrition.org/pipermail/vim/2006-July/000923.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3643.json b/2006/3xxx/CVE-2006-3643.json index 7ff9460fadd..468d004f6b7 100644 --- a/2006/3xxx/CVE-2006-3643.json +++ b/2006/3xxx/CVE-2006-3643.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3643", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Internet Explorer 5.01 and 6 in Microsoft Windows 2000 SP4 permits access to local \"HTML-embedded resource files\" in the Microsoft Management Console (MMC) library, which allows remote authenticated users to execute arbitrary commands, aka \"MMC Redirect Cross-Site Scripting Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2006-3643", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS06-044", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-044" - }, - { - "name" : "TA06-220A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-220A.html" - }, - { - "name" : "VU#927548", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/927548" - }, - { - "name" : "19417", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19417" - }, - { - "name" : "ADV-2006-3213", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3213" - }, - { - "name" : "oval:org.mitre.oval:def:638", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A638" - }, - { - "name" : "1016655", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016655" - }, - { - "name" : "21401", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21401" - }, - { - "name" : "win-mmc-resource-xss(28005)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28005" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Internet Explorer 5.01 and 6 in Microsoft Windows 2000 SP4 permits access to local \"HTML-embedded resource files\" in the Microsoft Management Console (MMC) library, which allows remote authenticated users to execute arbitrary commands, aka \"MMC Redirect Cross-Site Scripting Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1016655", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016655" + }, + { + "name": "win-mmc-resource-xss(28005)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28005" + }, + { + "name": "ADV-2006-3213", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3213" + }, + { + "name": "19417", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19417" + }, + { + "name": "TA06-220A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html" + }, + { + "name": "oval:org.mitre.oval:def:638", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A638" + }, + { + "name": "VU#927548", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/927548" + }, + { + "name": "21401", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21401" + }, + { + "name": "MS06-044", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-044" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3769.json b/2006/3xxx/CVE-2006-3769.json index ddb0b94880a..f53cbef3f2b 100644 --- a/2006/3xxx/CVE-2006-3769.json +++ b/2006/3xxx/CVE-2006-3769.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3769", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Top XL 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) pass and (2) pass2 parameters in (a) add.php or the (3) id parameter in (b) members/index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3769", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060720 [MajorSecurity #22] Top XL <=1.1 - XSS and cookie disclosure", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/440652/100/0/threaded" - }, - { - "name" : "20060720 Re: [MajorSecurity #22] Top XL <=1.1 - XSS and cookie disclosure", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/440889/100/100/threaded" - }, - { - "name" : "http://www.majorsecurity.de/advisory/major_rls22.txt", - "refsource" : "MISC", - "url" : "http://www.majorsecurity.de/advisory/major_rls22.txt" - }, - { - "name" : "19098", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19098" - }, - { - "name" : "ADV-2006-2914", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2914" - }, - { - "name" : "27413", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27413" - }, - { - "name" : "27414", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27414" - }, - { - "name" : "1016548", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016548" - }, - { - "name" : "21145", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21145" - }, - { - "name" : "1267", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1267" - }, - { - "name" : "topxl-add-index-xss(27880)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27880" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Top XL 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) pass and (2) pass2 parameters in (a) add.php or the (3) id parameter in (b) members/index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060720 Re: [MajorSecurity #22] Top XL <=1.1 - XSS and cookie disclosure", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/440889/100/100/threaded" + }, + { + "name": "20060720 [MajorSecurity #22] Top XL <=1.1 - XSS and cookie disclosure", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/440652/100/0/threaded" + }, + { + "name": "topxl-add-index-xss(27880)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27880" + }, + { + "name": "ADV-2006-2914", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2914" + }, + { + "name": "http://www.majorsecurity.de/advisory/major_rls22.txt", + "refsource": "MISC", + "url": "http://www.majorsecurity.de/advisory/major_rls22.txt" + }, + { + "name": "1016548", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016548" + }, + { + "name": "21145", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21145" + }, + { + "name": "27414", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27414" + }, + { + "name": "27413", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27413" + }, + { + "name": "1267", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1267" + }, + { + "name": "19098", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19098" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3872.json b/2006/3xxx/CVE-2006-3872.json index 06d7ebd4e39..ac77cc498eb 100644 --- a/2006/3xxx/CVE-2006-3872.json +++ b/2006/3xxx/CVE-2006-3872.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3872", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2006-3872", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2006. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4141.json b/2006/4xxx/CVE-2006-4141.json index aa393c0acf0..33083f6ac01 100644 --- a/2006/4xxx/CVE-2006-4141.json +++ b/2006/4xxx/CVE-2006-4141.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4141", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in news.php in Virtual War (VWar) 1.5.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) sortby and (2) sortorder parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4141", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060809 Virtual War v1.5.0 <= Sql Injection vuln.", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/442880/100/0/threaded" - }, - { - "name" : "1383", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1383" - }, - { - "name" : "virtualwar-news-sql-injection(28332)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28332" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in news.php in Virtual War (VWar) 1.5.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) sortby and (2) sortorder parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1383", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1383" + }, + { + "name": "virtualwar-news-sql-injection(28332)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28332" + }, + { + "name": "20060809 Virtual War v1.5.0 <= Sql Injection vuln.", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/442880/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4162.json b/2006/4xxx/CVE-2006-4162.json index b80f0fe80be..58c6dd3bb48 100644 --- a/2006/4xxx/CVE-2006-4162.json +++ b/2006/4xxx/CVE-2006-4162.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4162", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Dragonfly CMS 9.0.6.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the search field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4162", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060809 Dragonfly CMS 9.0.6.1 and prior XSS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/442885/100/0/threaded" - }, - { - "name" : "1394", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1394" - }, - { - "name" : "cpg-dragonfly-search-xss(28333)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28333" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Dragonfly CMS 9.0.6.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the search field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "cpg-dragonfly-search-xss(28333)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28333" + }, + { + "name": "20060809 Dragonfly CMS 9.0.6.1 and prior XSS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/442885/100/0/threaded" + }, + { + "name": "1394", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1394" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4571.json b/2006/4xxx/CVE-2006-4571.json index ed05c9a75d4..c5227d25ca3 100644 --- a/2006/4xxx/CVE-2006-4571.json +++ b/2006/4xxx/CVE-2006-4571.json @@ -1,342 +1,342 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4571", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allow remote attackers to cause a denial of service (crash), corrupt memory, and possibly execute arbitrary code via unspecified vectors, some of which involve JavaScript, and possibly large images or plugin data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2006-4571", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060915 rPSA-2006-0169-1 firefox thunderbird", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/446140/100/0/threaded" - }, - { - "name" : "http://www.mozilla.org/security/announce/2006/mfsa2006-64.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2006/mfsa2006-64.html" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-640", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-640" - }, - { - "name" : "DSA-1191", - "refsource" : "DEBIAN", - "url" : "http://www.us.debian.org/security/2006/dsa-1191" - }, - { - "name" : "DSA-1192", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1192" - }, - { - "name" : "DSA-1210", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1210" - }, - { - "name" : "GLSA-200609-19", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200609-19.xml" - }, - { - "name" : "GLSA-200610-01", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200610-01.xml" - }, - { - "name" : "GLSA-200610-04", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200610-04.xml" - }, - { - "name" : "HPSBUX02153", - "refsource" : "HP", - "url" : "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742" - }, - { - "name" : "SSRT061181", - "refsource" : "HP", - "url" : "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742" - }, - { - "name" : "MDKSA-2006:168", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:168" - }, - { - "name" : "MDKSA-2006:169", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:169" - }, - { - "name" : "RHSA-2006:0676", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0676.html" - }, - { - "name" : "RHSA-2006:0677", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0677.html" - }, - { - "name" : "RHSA-2006:0675", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0675.html" - }, - { - "name" : "20060901-01-P", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc" - }, - { - "name" : "USN-350-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-350-1" - }, - { - "name" : "USN-351-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-351-1" - }, - { - "name" : "USN-352-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-352-1" - }, - { - "name" : "USN-354-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-354-1" - }, - { - "name" : "USN-361-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-361-1" - }, - { - "name" : "20042", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20042" - }, - { - "name" : "oval:org.mitre.oval:def:11728", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11728" - }, - { - "name" : "ADV-2006-3617", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3617" - }, - { - "name" : "ADV-2007-1198", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1198" - }, - { - "name" : "ADV-2006-3748", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3748" - }, - { - "name" : "ADV-2008-0083", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0083" - }, - { - "name" : "1016846", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016846" - }, - { - "name" : "1016847", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016847" - }, - { - "name" : "1016848", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016848" - }, - { - "name" : "21906", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21906" - }, - { - "name" : "21949", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21949" - }, - { - "name" : "21915", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21915" - }, - { - "name" : "21916", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21916" - }, - { - "name" : "21939", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21939" - }, - { - "name" : "21940", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21940" - }, - { - "name" : "21950", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21950" - }, - { - "name" : "22036", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22036" - }, - { - "name" : "22001", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22001" - }, - { - "name" : "22025", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22025" - }, - { - "name" : "22055", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22055" - }, - { - "name" : "22074", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22074" - }, - { - "name" : "22088", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22088" - }, - { - "name" : "22210", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22210" - }, - { - "name" : "22247", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22247" - }, - { - "name" : "22274", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22274" - }, - { - "name" : "22299", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22299" - }, - { - "name" : "22342", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22342" - }, - { - "name" : "22391", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22391" - }, - { - "name" : "22422", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22422" - }, - { - "name" : "22849", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22849" - }, - { - "name" : "22056", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22056" - }, - { - "name" : "22195", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22195" - }, - { - "name" : "24711", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24711" - }, - { - "name" : "22066", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22066" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allow remote attackers to cause a denial of service (crash), corrupt memory, and possibly execute arbitrary code via unspecified vectors, some of which involve JavaScript, and possibly large images or plugin data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1016847", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016847" + }, + { + "name": "22391", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22391" + }, + { + "name": "ADV-2006-3748", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3748" + }, + { + "name": "oval:org.mitre.oval:def:11728", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11728" + }, + { + "name": "RHSA-2006:0676", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0676.html" + }, + { + "name": "22055", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22055" + }, + { + "name": "22195", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22195" + }, + { + "name": "USN-361-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-361-1" + }, + { + "name": "USN-352-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-352-1" + }, + { + "name": "21950", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21950" + }, + { + "name": "USN-351-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-351-1" + }, + { + "name": "22025", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22025" + }, + { + "name": "22056", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22056" + }, + { + "name": "22247", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22247" + }, + { + "name": "MDKSA-2006:168", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:168" + }, + { + "name": "DSA-1191", + "refsource": "DEBIAN", + "url": "http://www.us.debian.org/security/2006/dsa-1191" + }, + { + "name": "22210", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22210" + }, + { + "name": "DSA-1210", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1210" + }, + { + "name": "24711", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24711" + }, + { + "name": "GLSA-200610-04", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200610-04.xml" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-224.htm" + }, + { + "name": "22849", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22849" + }, + { + "name": "ADV-2008-0083", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0083" + }, + { + "name": "20060901-01-P", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc" + }, + { + "name": "21939", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21939" + }, + { + "name": "1016848", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016848" + }, + { + "name": "ADV-2006-3617", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3617" + }, + { + "name": "21915", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21915" + }, + { + "name": "ADV-2007-1198", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1198" + }, + { + "name": "RHSA-2006:0677", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0677.html" + }, + { + "name": "DSA-1192", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1192" + }, + { + "name": "GLSA-200609-19", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200609-19.xml" + }, + { + "name": "SSRT061181", + "refsource": "HP", + "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742" + }, + { + "name": "22274", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22274" + }, + { + "name": "RHSA-2006:0675", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0675.html" + }, + { + "name": "21940", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21940" + }, + { + "name": "20042", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20042" + }, + { + "name": "22001", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22001" + }, + { + "name": "20060915 rPSA-2006-0169-1 firefox thunderbird", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/446140/100/0/threaded" + }, + { + "name": "USN-350-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-350-1" + }, + { + "name": "21906", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21906" + }, + { + "name": "HPSBUX02153", + "refsource": "HP", + "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742" + }, + { + "name": "22342", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22342" + }, + { + "name": "GLSA-200610-01", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200610-01.xml" + }, + { + "name": "22074", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22074" + }, + { + "name": "22066", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22066" + }, + { + "name": "22088", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22088" + }, + { + "name": "21949", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21949" + }, + { + "name": "https://issues.rpath.com/browse/RPL-640", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-640" + }, + { + "name": "http://www.mozilla.org/security/announce/2006/mfsa2006-64.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-64.html" + }, + { + "name": "22036", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22036" + }, + { + "name": "1016846", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016846" + }, + { + "name": "USN-354-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-354-1" + }, + { + "name": "22422", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22422" + }, + { + "name": "22299", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22299" + }, + { + "name": "MDKSA-2006:169", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:169" + }, + { + "name": "21916", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21916" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4754.json b/2006/4xxx/CVE-2006-4754.json index 3ed0e2d185f..b876f7447ad 100644 --- a/2006/4xxx/CVE-2006-4754.json +++ b/2006/4xxx/CVE-2006-4754.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4754", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in PHProg before 1.1 allows remote attackers to inject arbitrary web script or HTML via the album parameter, which is used in an opendir call. NOTE: the same primary issue can be used for full path disclosure with an invalid parameter that reveals the installation path in an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4754", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060911 PHProg : Local File Inclusion + XSS + Full path", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=115796646100433&w=2" - }, - { - "name" : "http://www.pconfig.com/cdg393/adviso/PHProg.txt", - "refsource" : "MISC", - "url" : "http://www.pconfig.com/cdg393/adviso/PHProg.txt" - }, - { - "name" : "http://www.comscripts.com/scripts/php.phprog-album-photo-php.2117.html", - "refsource" : "CONFIRM", - "url" : "http://www.comscripts.com/scripts/php.phprog-album-photo-php.2117.html" - }, - { - "name" : "19957", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19957" - }, - { - "name" : "21849", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21849" - }, - { - "name" : "phprog-index-path-disclosure(28845)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28845" - }, - { - "name" : "phprog-index-xss(28846)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28846" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in PHProg before 1.1 allows remote attackers to inject arbitrary web script or HTML via the album parameter, which is used in an opendir call. NOTE: the same primary issue can be used for full path disclosure with an invalid parameter that reveals the installation path in an error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.pconfig.com/cdg393/adviso/PHProg.txt", + "refsource": "MISC", + "url": "http://www.pconfig.com/cdg393/adviso/PHProg.txt" + }, + { + "name": "phprog-index-xss(28846)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28846" + }, + { + "name": "19957", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19957" + }, + { + "name": "20060911 PHProg : Local File Inclusion + XSS + Full path", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=115796646100433&w=2" + }, + { + "name": "21849", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21849" + }, + { + "name": "http://www.comscripts.com/scripts/php.phprog-album-photo-php.2117.html", + "refsource": "CONFIRM", + "url": "http://www.comscripts.com/scripts/php.phprog-album-photo-php.2117.html" + }, + { + "name": "phprog-index-path-disclosure(28845)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28845" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6099.json b/2006/6xxx/CVE-2006-6099.json index f6c53dc539a..32408efbf9e 100644 --- a/2006/6xxx/CVE-2006-6099.json +++ b/2006/6xxx/CVE-2006-6099.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6099", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2006. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2006-6099", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2006. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6228.json b/2006/6xxx/CVE-2006-6228.json index 90e46e6950e..611a08c544a 100644 --- a/2006/6xxx/CVE-2006-6228.json +++ b/2006/6xxx/CVE-2006-6228.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6228", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Codewalkers ltwCalendar (aka PHP Event Calendar) before 4.2.1 allows remote attackers to inject arbitrary HTML or web script via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6228", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://ltwcalendar.sourceforge.net/changelog.php", - "refsource" : "CONFIRM", - "url" : "http://ltwcalendar.sourceforge.net/changelog.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Codewalkers ltwCalendar (aka PHP Event Calendar) before 4.2.1 allows remote attackers to inject arbitrary HTML or web script via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://ltwcalendar.sourceforge.net/changelog.php", + "refsource": "CONFIRM", + "url": "http://ltwcalendar.sourceforge.net/changelog.php" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6757.json b/2006/6xxx/CVE-2006-6757.json index d8ffee38abf..2bfe3f9805e 100644 --- a/2006/6xxx/CVE-2006-6757.json +++ b/2006/6xxx/CVE-2006-6757.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6757", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in index.php in cwmExplorer 1.0 allows remote attackers to read arbitrary files and source code, and obtain sensitive information via directory traversal sequences in the show_file parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6757", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2963", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2963" - }, - { - "name" : "21683", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21683" - }, - { - "name" : "ADV-2006-5117", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/5117" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in index.php in cwmExplorer 1.0 allows remote attackers to read arbitrary files and source code, and obtain sensitive information via directory traversal sequences in the show_file parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2963", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2963" + }, + { + "name": "ADV-2006-5117", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/5117" + }, + { + "name": "21683", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21683" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6903.json b/2006/6xxx/CVE-2006-6903.json index b22cb56e783..7be60ffc9fa 100644 --- a/2006/6xxx/CVE-2006-6903.json +++ b/2006/6xxx/CVE-2006-6903.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6903", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Toshiba Bluetooth stack allows remote attackers to gain administrative access (aka Remote Root) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6903", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070104 23C3 - Bluetooth hacking revisted [Summary and Code]", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/455889/100/0/threaded" - }, - { - "name" : "http://events.ccc.de/congress/2006-mediawiki//images/f/fb/23c3_Bluetooh_revisited.pdf", - "refsource" : "MISC", - "url" : "http://events.ccc.de/congress/2006-mediawiki//images/f/fb/23c3_Bluetooh_revisited.pdf" - }, - { - "name" : "37607", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/37607" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Toshiba Bluetooth stack allows remote attackers to gain administrative access (aka Remote Root) via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://events.ccc.de/congress/2006-mediawiki//images/f/fb/23c3_Bluetooh_revisited.pdf", + "refsource": "MISC", + "url": "http://events.ccc.de/congress/2006-mediawiki//images/f/fb/23c3_Bluetooh_revisited.pdf" + }, + { + "name": "20070104 23C3 - Bluetooth hacking revisted [Summary and Code]", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/455889/100/0/threaded" + }, + { + "name": "37607", + "refsource": "OSVDB", + "url": "http://osvdb.org/37607" + } + ] + } +} \ No newline at end of file diff --git a/2006/7xxx/CVE-2006-7150.json b/2006/7xxx/CVE-2006-7150.json index 358d138666a..d2efa2871bc 100644 --- a/2006/7xxx/CVE-2006-7150.json +++ b/2006/7xxx/CVE-2006-7150.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-7150", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Mambo 4.6.x allow remote attackers to execute arbitrary SQL commands via the mcname parameter to (1) moscomment.php and (2) com_comment.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-7150", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061020 [KAPDA::#60] Mambo V4.6.x vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/449305/100/0/threaded" - }, - { - "name" : "http://www.kapda.ir/advisory-444.html", - "refsource" : "MISC", - "url" : "http://www.kapda.ir/advisory-444.html" - }, - { - "name" : "20650", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20650" - }, - { - "name" : "2379", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2379" - }, - { - "name" : "mambo-comments-sql-injection(29707)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29707" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Mambo 4.6.x allow remote attackers to execute arbitrary SQL commands via the mcname parameter to (1) moscomment.php and (2) com_comment.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20061020 [KAPDA::#60] Mambo V4.6.x vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/449305/100/0/threaded" + }, + { + "name": "2379", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2379" + }, + { + "name": "mambo-comments-sql-injection(29707)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29707" + }, + { + "name": "20650", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20650" + }, + { + "name": "http://www.kapda.ir/advisory-444.html", + "refsource": "MISC", + "url": "http://www.kapda.ir/advisory-444.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2094.json b/2010/2xxx/CVE-2010-2094.json index 2471364b190..ccc1e1ba8a6 100644 --- a/2010/2xxx/CVE-2010-2094.json +++ b/2010/2xxx/CVE-2010-2094.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2094", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple format string vulnerabilities in the phar extension in PHP 5.3 before 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) and possibly execute arbitrary code via a crafted phar:// URI that is not properly handled by the (1) phar_stream_flush, (2) phar_wrapper_unlink, (3) phar_parse_url, or (4) phar_wrapper_open_url functions in ext/phar/stream.c; and the (5) phar_wrapper_open_dir function in ext/phar/dirstream.c, which triggers errors in the php_stream_wrapper_log_error function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2094", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://php-security.org/2010/05/14/mops-2010-024-php-phar_stream_flush-format-string-vulnerability/index.html", - "refsource" : "MISC", - "url" : "http://php-security.org/2010/05/14/mops-2010-024-php-phar_stream_flush-format-string-vulnerability/index.html" - }, - { - "name" : "http://php-security.org/2010/05/14/mops-2010-025-php-phar_wrapper_open_dir-format-string-vulnerability/index.html", - "refsource" : "MISC", - "url" : "http://php-security.org/2010/05/14/mops-2010-025-php-phar_wrapper_open_dir-format-string-vulnerability/index.html" - }, - { - "name" : "http://php-security.org/2010/05/14/mops-2010-026-php-phar_wrapper_unlink-format-string-vulnerability/index.html", - "refsource" : "MISC", - "url" : "http://php-security.org/2010/05/14/mops-2010-026-php-phar_wrapper_unlink-format-string-vulnerability/index.html" - }, - { - "name" : "http://php-security.org/2010/05/14/mops-2010-027-php-phar_parse_url-format-string-vulnerabilities/index.html", - "refsource" : "MISC", - "url" : "http://php-security.org/2010/05/14/mops-2010-027-php-phar_parse_url-format-string-vulnerabilities/index.html" - }, - { - "name" : "http://php-security.org/2010/05/14/mops-2010-028-php-phar_wrapper_open_url-format-string-vulnerabilities/index.html", - "refsource" : "MISC", - "url" : "http://php-security.org/2010/05/14/mops-2010-028-php-phar_wrapper_open_url-format-string-vulnerabilities/index.html" - }, - { - "name" : "MDVSA-2011:004", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:004" - }, - { - "name" : "SUSE-SR:2010:017", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html" - }, - { - "name" : "SUSE-SR:2010:018", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html" - }, - { - "name" : "ADV-2011-0068", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0068" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple format string vulnerabilities in the phar extension in PHP 5.3 before 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) and possibly execute arbitrary code via a crafted phar:// URI that is not properly handled by the (1) phar_stream_flush, (2) phar_wrapper_unlink, (3) phar_parse_url, or (4) phar_wrapper_open_url functions in ext/phar/stream.c; and the (5) phar_wrapper_open_dir function in ext/phar/dirstream.c, which triggers errors in the php_stream_wrapper_log_error function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://php-security.org/2010/05/14/mops-2010-028-php-phar_wrapper_open_url-format-string-vulnerabilities/index.html", + "refsource": "MISC", + "url": "http://php-security.org/2010/05/14/mops-2010-028-php-phar_wrapper_open_url-format-string-vulnerabilities/index.html" + }, + { + "name": "http://php-security.org/2010/05/14/mops-2010-024-php-phar_stream_flush-format-string-vulnerability/index.html", + "refsource": "MISC", + "url": "http://php-security.org/2010/05/14/mops-2010-024-php-phar_stream_flush-format-string-vulnerability/index.html" + }, + { + "name": "ADV-2011-0068", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0068" + }, + { + "name": "http://php-security.org/2010/05/14/mops-2010-027-php-phar_parse_url-format-string-vulnerabilities/index.html", + "refsource": "MISC", + "url": "http://php-security.org/2010/05/14/mops-2010-027-php-phar_parse_url-format-string-vulnerabilities/index.html" + }, + { + "name": "http://php-security.org/2010/05/14/mops-2010-025-php-phar_wrapper_open_dir-format-string-vulnerability/index.html", + "refsource": "MISC", + "url": "http://php-security.org/2010/05/14/mops-2010-025-php-phar_wrapper_open_dir-format-string-vulnerability/index.html" + }, + { + "name": "SUSE-SR:2010:017", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html" + }, + { + "name": "MDVSA-2011:004", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:004" + }, + { + "name": "SUSE-SR:2010:018", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html" + }, + { + "name": "http://php-security.org/2010/05/14/mops-2010-026-php-phar_wrapper_unlink-format-string-vulnerability/index.html", + "refsource": "MISC", + "url": "http://php-security.org/2010/05/14/mops-2010-026-php-phar_wrapper_unlink-format-string-vulnerability/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2130.json b/2010/2xxx/CVE-2010-2130.json index 3cc8f4df116..2a48bcb6d9d 100644 --- a/2010/2xxx/CVE-2010-2130.json +++ b/2010/2xxx/CVE-2010-2130.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2130", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in wflogin.jsp in Aris Global ARISg 5.0 allows remote attackers to inject arbitrary web script or HTML via the errmsg parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2130", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100226 ARISg5 (Version 5.0) Cross Site Scripting Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/509770/100/0/threaded" - }, - { - "name" : "20100226 ARISg5 (version 5.0) cross site scripting vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/509758/100/0/threaded" - }, - { - "name" : "http://packetstormsecurity.org/1002-exploits/arisg5-xss.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1002-exploits/arisg5-xss.txt" - }, - { - "name" : "38441", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/38441" - }, - { - "name" : "62665", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/62665" - }, - { - "name" : "38793", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38793" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in wflogin.jsp in Aris Global ARISg 5.0 allows remote attackers to inject arbitrary web script or HTML via the errmsg parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "38793", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38793" + }, + { + "name": "http://packetstormsecurity.org/1002-exploits/arisg5-xss.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1002-exploits/arisg5-xss.txt" + }, + { + "name": "62665", + "refsource": "OSVDB", + "url": "http://osvdb.org/62665" + }, + { + "name": "20100226 ARISg5 (version 5.0) cross site scripting vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/509758/100/0/threaded" + }, + { + "name": "38441", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/38441" + }, + { + "name": "20100226 ARISg5 (Version 5.0) Cross Site Scripting Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/509770/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2148.json b/2010/2xxx/CVE-2010-2148.json index 9e074f33dd1..342b51c2128 100644 --- a/2010/2xxx/CVE-2010-2148.json +++ b/2010/2xxx/CVE-2010-2148.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2148", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the My Car (com_mycar) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the pagina parameter to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2148", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "12779", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/12779" - }, - { - "name" : "http://www.xenuser.org/documents/security/joomla_com_mycar_multiple_vulnerabilities.txt", - "refsource" : "MISC", - "url" : "http://www.xenuser.org/documents/security/joomla_com_mycar_multiple_vulnerabilities.txt" - }, - { - "name" : "40430", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40430" - }, - { - "name" : "64999", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/64999" - }, - { - "name" : "39983", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39983" - }, - { - "name" : "ADV-2010-1271", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1271" - }, - { - "name" : "mycar-index-sql-injection(58975)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/58975" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the My Car (com_mycar) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the pagina parameter to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2010-1271", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1271" + }, + { + "name": "64999", + "refsource": "OSVDB", + "url": "http://osvdb.org/64999" + }, + { + "name": "39983", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39983" + }, + { + "name": "mycar-index-sql-injection(58975)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58975" + }, + { + "name": "http://www.xenuser.org/documents/security/joomla_com_mycar_multiple_vulnerabilities.txt", + "refsource": "MISC", + "url": "http://www.xenuser.org/documents/security/joomla_com_mycar_multiple_vulnerabilities.txt" + }, + { + "name": "12779", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/12779" + }, + { + "name": "40430", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40430" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2787.json b/2010/2xxx/CVE-2010-2787.json index 87a4783d5db..f2f0fcb32cb 100644 --- a/2010/2xxx/CVE-2010-2787.json +++ b/2010/2xxx/CVE-2010-2787.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2787", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "api.php in MediaWiki before 1.15.5 does not prevent use of public caching headers for private data, which allows remote attackers to bypass intended access restrictions and obtain sensitive information by retrieving documents from an HTTP proxy cache that has been used by a victim." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-2787", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[mediawiki-announce] 20100728 MediaWiki security release: 1.16.0 and 1.15.5", - "refsource" : "MLIST", - "url" : "http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-July/000092.html" - }, - { - "name" : "[oss-security] 20100729 Re: CVE request: mediawiki", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2010/07/29/4" - }, - { - "name" : "http://svn.wikimedia.org/viewvc/mediawiki?view=revision&revision=69776", - "refsource" : "CONFIRM", - "url" : "http://svn.wikimedia.org/viewvc/mediawiki?view=revision&revision=69776" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=620224", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=620224" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=620226", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=620226" - }, - { - "name" : "https://bugzilla.wikimedia.org/show_bug.cgi?id=24565", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.wikimedia.org/show_bug.cgi?id=24565" - }, - { - "name" : "FEDORA-2011-5495", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058588.html" - }, - { - "name" : "FEDORA-2011-5807", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059235.html" - }, - { - "name" : "FEDORA-2011-5812", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059232.html" - }, - { - "name" : "FEDORA-2011-5848", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058910.html" - }, - { - "name" : "42019", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/42019" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "api.php in MediaWiki before 1.15.5 does not prevent use of public caching headers for private data, which allows remote attackers to bypass intended access restrictions and obtain sensitive information by retrieving documents from an HTTP proxy cache that has been used by a victim." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2011-5495", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058588.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=620226", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=620226" + }, + { + "name": "FEDORA-2011-5807", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059235.html" + }, + { + "name": "[oss-security] 20100729 Re: CVE request: mediawiki", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2010/07/29/4" + }, + { + "name": "http://svn.wikimedia.org/viewvc/mediawiki?view=revision&revision=69776", + "refsource": "CONFIRM", + "url": "http://svn.wikimedia.org/viewvc/mediawiki?view=revision&revision=69776" + }, + { + "name": "https://bugzilla.wikimedia.org/show_bug.cgi?id=24565", + "refsource": "CONFIRM", + "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=24565" + }, + { + "name": "FEDORA-2011-5848", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058910.html" + }, + { + "name": "[mediawiki-announce] 20100728 MediaWiki security release: 1.16.0 and 1.15.5", + "refsource": "MLIST", + "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-July/000092.html" + }, + { + "name": "42019", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/42019" + }, + { + "name": "FEDORA-2011-5812", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059232.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=620224", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=620224" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0046.json b/2011/0xxx/CVE-2011-0046.json index d80e5694882..fa9337d68d8 100644 --- a/2011/0xxx/CVE-2011-0046.json +++ b/2011/0xxx/CVE-2011-0046.json @@ -1,167 +1,167 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0046", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and 4.0.x before 4.0rc2 allow remote attackers to hijack the authentication of arbitrary users for requests related to (1) adding a saved search in buglist.cgi, (2) voting in votes.cgi, (3) sanity checking in sanitycheck.cgi, (4) creating or editing a chart in chart.cgi, (5) column changing in colchange.cgi, and (6) adding, deleting, or approving a quip in quips.cgi." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0046", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.bugzilla.org/security/3.2.9/", - "refsource" : "CONFIRM", - "url" : "http://www.bugzilla.org/security/3.2.9/" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=621090", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=621090" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=621105", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=621105" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=621107", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=621107" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=621108", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=621108" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=621109", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=621109" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=621110", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=621110" - }, - { - "name" : "DSA-2322", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2322" - }, - { - "name" : "FEDORA-2011-0741", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053665.html" - }, - { - "name" : "FEDORA-2011-0755", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053678.html" - }, - { - "name" : "45982", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45982" - }, - { - "name" : "70705", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/70705" - }, - { - "name" : "70706", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/70706" - }, - { - "name" : "70707", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/70707" - }, - { - "name" : "70708", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/70708" - }, - { - "name" : "70709", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/70709" - }, - { - "name" : "70710", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/70710" - }, - { - "name" : "43033", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43033" - }, - { - "name" : "43165", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43165" - }, - { - "name" : "ADV-2011-0207", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0207" - }, - { - "name" : "ADV-2011-0271", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0271" - }, - { - "name" : "bugzilla-unspec-csrf(65003)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65003" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and 4.0.x before 4.0rc2 allow remote attackers to hijack the authentication of arbitrary users for requests related to (1) adding a saved search in buglist.cgi, (2) voting in votes.cgi, (3) sanity checking in sanitycheck.cgi, (4) creating or editing a chart in chart.cgi, (5) column changing in colchange.cgi, and (6) adding, deleting, or approving a quip in quips.cgi." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=621105", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=621105" + }, + { + "name": "70710", + "refsource": "OSVDB", + "url": "http://osvdb.org/70710" + }, + { + "name": "45982", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45982" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=621090", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=621090" + }, + { + "name": "43165", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43165" + }, + { + "name": "70709", + "refsource": "OSVDB", + "url": "http://osvdb.org/70709" + }, + { + "name": "http://www.bugzilla.org/security/3.2.9/", + "refsource": "CONFIRM", + "url": "http://www.bugzilla.org/security/3.2.9/" + }, + { + "name": "FEDORA-2011-0741", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053665.html" + }, + { + "name": "70708", + "refsource": "OSVDB", + "url": "http://osvdb.org/70708" + }, + { + "name": "ADV-2011-0271", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0271" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=621109", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=621109" + }, + { + "name": "43033", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43033" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=621107", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=621107" + }, + { + "name": "bugzilla-unspec-csrf(65003)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65003" + }, + { + "name": "ADV-2011-0207", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0207" + }, + { + "name": "FEDORA-2011-0755", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053678.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=621110", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=621110" + }, + { + "name": "70707", + "refsource": "OSVDB", + "url": "http://osvdb.org/70707" + }, + { + "name": "DSA-2322", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2322" + }, + { + "name": "70706", + "refsource": "OSVDB", + "url": "http://osvdb.org/70706" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=621108", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=621108" + }, + { + "name": "70705", + "refsource": "OSVDB", + "url": "http://osvdb.org/70705" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0175.json b/2011/0xxx/CVE-2011-0175.json index 212bbd213c2..a30ed819d15 100644 --- a/2011/0xxx/CVE-2011-0175.json +++ b/2011/0xxx/CVE-2011-0175.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0175", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X before 10.6.7 allow remote attackers to execute arbitrary code via a document that contains a crafted embedded TrueType font." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2011-0175", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4581", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4581" - }, - { - "name" : "APPLE-SA-2011-03-21-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X before 10.6.7 allow remote attackers to execute arbitrary code via a document that contains a crafted embedded TrueType font." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2011-03-21-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html" + }, + { + "name": "http://support.apple.com/kb/HT4581", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4581" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0265.json b/2011/0xxx/CVE-2011-0265.json index 368b918b914..73074a89059 100644 --- a/2011/0xxx/CVE-2011-0265.json +++ b/2011/0xxx/CVE-2011-0265.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0265", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long data_select1 parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2011-0265", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-11-007/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-11-007/" - }, - { - "name" : "HPSBMA02621", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/515628" - }, - { - "name" : "SSRT100352", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/515628" - }, - { - "name" : "45762", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45762" - }, - { - "name" : "1024951", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1024951" - }, - { - "name" : "ADV-2011-0085", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0085" - }, - { - "name" : "hp-opennnm-dataselect1-bo(64651)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64651" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long data_select1 parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "hp-opennnm-dataselect1-bo(64651)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64651" + }, + { + "name": "HPSBMA02621", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/515628" + }, + { + "name": "ADV-2011-0085", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0085" + }, + { + "name": "SSRT100352", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/515628" + }, + { + "name": "45762", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45762" + }, + { + "name": "1024951", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1024951" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-11-007/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-007/" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0329.json b/2011/0xxx/CVE-2011-0329.json index 8d11926a464..6dbd4e02247 100644 --- a/2011/0xxx/CVE-2011-0329.json +++ b/2011/0xxx/CVE-2011-0329.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0329", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the GetData method in the Dell DellSystemLite.Scanner ActiveX control in DellSystemLite.ocx 1.0.0.0 allows remote attackers to read arbitrary files via directory traversal sequences in the fileID parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2011-0329", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://secunia.com/secunia_research/2011-10/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2011-10/" - }, - { - "name" : "46443", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46443" - }, - { - "name" : "1025094", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025094" - }, - { - "name" : "42880", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42880" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the GetData method in the Dell DellSystemLite.Scanner ActiveX control in DellSystemLite.ocx 1.0.0.0 allows remote attackers to read arbitrary files via directory traversal sequences in the fileID parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://secunia.com/secunia_research/2011-10/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2011-10/" + }, + { + "name": "46443", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46443" + }, + { + "name": "42880", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42880" + }, + { + "name": "1025094", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025094" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1475.json b/2011/1xxx/CVE-2011-1475.json index d86477ec153..5f49b1c9865 100644 --- a/2011/1xxx/CVE-2011-1475.json +++ b/2011/1xxx/CVE-2011-1475.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1475", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to \"a mix-up of responses for requests from different users.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-1475", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110406 [SECURITY] CVE-2011-1475 Apache Tomcat information disclosure", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/517363" - }, - { - "name" : "20110406 [SECURITY] CVE-2011-1475 Apache Tomcat information disclosure", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2011/Apr/97" - }, - { - "name" : "https://issues.apache.org/bugzilla/show_bug.cgi?id=50957", - "refsource" : "MISC", - "url" : "https://issues.apache.org/bugzilla/show_bug.cgi?id=50957" - }, - { - "name" : "http://svn.apache.org/viewvc?view=revision&revision=1086349", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc?view=revision&revision=1086349" - }, - { - "name" : "http://svn.apache.org/viewvc?view=revision&revision=1086352", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc?view=revision&revision=1086352" - }, - { - "name" : "http://tomcat.apache.org/security-7.html", - "refsource" : "CONFIRM", - "url" : "http://tomcat.apache.org/security-7.html" - }, - { - "name" : "47199", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47199" - }, - { - "name" : "oval:org.mitre.oval:def:12374", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12374" - }, - { - "name" : "1025303", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025303" - }, - { - "name" : "8188", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8188" - }, - { - "name" : "ADV-2011-0894", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0894" - }, - { - "name" : "tomcat-httpbio-info-disclosure(66676)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66676" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to \"a mix-up of responses for requests from different users.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2011-0894", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0894" + }, + { + "name": "47199", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47199" + }, + { + "name": "oval:org.mitre.oval:def:12374", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12374" + }, + { + "name": "8188", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8188" + }, + { + "name": "http://tomcat.apache.org/security-7.html", + "refsource": "CONFIRM", + "url": "http://tomcat.apache.org/security-7.html" + }, + { + "name": "1025303", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025303" + }, + { + "name": "https://issues.apache.org/bugzilla/show_bug.cgi?id=50957", + "refsource": "MISC", + "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=50957" + }, + { + "name": "20110406 [SECURITY] CVE-2011-1475 Apache Tomcat information disclosure", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/517363" + }, + { + "name": "http://svn.apache.org/viewvc?view=revision&revision=1086349", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/viewvc?view=revision&revision=1086349" + }, + { + "name": "http://svn.apache.org/viewvc?view=revision&revision=1086352", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/viewvc?view=revision&revision=1086352" + }, + { + "name": "20110406 [SECURITY] CVE-2011-1475 Apache Tomcat information disclosure", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2011/Apr/97" + }, + { + "name": "tomcat-httpbio-info-disclosure(66676)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66676" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1546.json b/2011/1xxx/CVE-2011-1546.json index 2fb2545d8b1..e415f0f2cf8 100644 --- a/2011/1xxx/CVE-2011-1546.json +++ b/2011/1xxx/CVE-2011-1546.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1546", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Andy's PHP Knowledgebase (Aphpkb) before 0.95.3 allow remote attackers to execute arbitrary SQL commands via the s parameter to (1) a_viewusers.php or (2) keysearch.php; and allow remote authenticated administrators to execute arbitrary SQL commands via the (3) id or (4) start parameter to pending.php, or the (5) aid parameter to a_authordetails.php. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1546", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110330 'Andy's PHP Knowledgebase' SQL Injection Vulnerability (CVE-2011-1546)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/517261/100/0/threaded" - }, - { - "name" : "17084", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/17084/" - }, - { - "name" : "http://www.uncompiled.com/2011/03/cve-2011-1546/", - "refsource" : "MISC", - "url" : "http://www.uncompiled.com/2011/03/cve-2011-1546/" - }, - { - "name" : "http://aphpkb.blogspot.com/2011/03/this-release-includes-security-fixes.html", - "refsource" : "CONFIRM", - "url" : "http://aphpkb.blogspot.com/2011/03/this-release-includes-security-fixes.html" - }, - { - "name" : "47097", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47097" - }, - { - "name" : "34476", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34476" - }, - { - "name" : "8168", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8168" - }, - { - "name" : "8172", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8172" - }, - { - "name" : "ADV-2011-0802", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0802" - }, - { - "name" : "aphpkb-aviewusers-sql-injection(66500)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66500" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Andy's PHP Knowledgebase (Aphpkb) before 0.95.3 allow remote attackers to execute arbitrary SQL commands via the s parameter to (1) a_viewusers.php or (2) keysearch.php; and allow remote authenticated administrators to execute arbitrary SQL commands via the (3) id or (4) start parameter to pending.php, or the (5) aid parameter to a_authordetails.php. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17084", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/17084/" + }, + { + "name": "http://aphpkb.blogspot.com/2011/03/this-release-includes-security-fixes.html", + "refsource": "CONFIRM", + "url": "http://aphpkb.blogspot.com/2011/03/this-release-includes-security-fixes.html" + }, + { + "name": "ADV-2011-0802", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0802" + }, + { + "name": "8168", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8168" + }, + { + "name": "34476", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34476" + }, + { + "name": "aphpkb-aviewusers-sql-injection(66500)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66500" + }, + { + "name": "8172", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8172" + }, + { + "name": "47097", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47097" + }, + { + "name": "http://www.uncompiled.com/2011/03/cve-2011-1546/", + "refsource": "MISC", + "url": "http://www.uncompiled.com/2011/03/cve-2011-1546/" + }, + { + "name": "20110330 'Andy's PHP Knowledgebase' SQL Injection Vulnerability (CVE-2011-1546)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/517261/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1741.json b/2011/1xxx/CVE-2011-1741.json index b1364ef4e9f..8013d374d65 100644 --- a/2011/1xxx/CVE-2011-1741.json +++ b/2011/1xxx/CVE-2011-1741.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1741", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in ftserver.exe in the OpenText Hummingbird Client Connector, as used in the Indexing Server in EMC Documentum eRoom 7.x before 7.4.3.f and other products, allows remote attackers to execute arbitrary code by sending a crafted message over TCP." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2011-1741", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110715 ESA-2011-022: EMC Documentum eRoom Indexing Server HummingBird Client Connector Buffer Overflow Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/518897/100/0/threaded" - }, - { - "name" : "20110718 ZDI-11-236: EMC Documentum eRoom Indexing Server OpenText HummingBird Connector Remote Code Execution Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/518913/100/0/threaded" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-11-236", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-11-236" - }, - { - "name" : "48712", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/48712" - }, - { - "name" : "1025790", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1025790" - }, - { - "name" : "8311", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8311" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in ftserver.exe in the OpenText Hummingbird Client Connector, as used in the Indexing Server in EMC Documentum eRoom 7.x before 7.4.3.f and other products, allows remote attackers to execute arbitrary code by sending a crafted message over TCP." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "48712", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/48712" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-11-236", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-236" + }, + { + "name": "8311", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8311" + }, + { + "name": "20110715 ESA-2011-022: EMC Documentum eRoom Indexing Server HummingBird Client Connector Buffer Overflow Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/518897/100/0/threaded" + }, + { + "name": "20110718 ZDI-11-236: EMC Documentum eRoom Indexing Server OpenText HummingBird Connector Remote Code Execution Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/518913/100/0/threaded" + }, + { + "name": "1025790", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1025790" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1890.json b/2011/1xxx/CVE-2011-1890.json index d4b73ed4dce..4597c7ad78b 100644 --- a/2011/1xxx/CVE-2011-1890.json +++ b/2011/1xxx/CVE-2011-1890.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1890", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in EditForm.aspx in Microsoft Office SharePoint Server 2010 and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via a post, aka \"Editform Script Injection Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2011-1890", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS11-074", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074" - }, - { - "name" : "TA11-256A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA11-256A.html" - }, - { - "name" : "oval:org.mitre.oval:def:12788", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12788" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in EditForm.aspx in Microsoft Office SharePoint Server 2010 and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via a post, aka \"Editform Script Injection Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS11-074", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074" + }, + { + "name": "oval:org.mitre.oval:def:12788", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12788" + }, + { + "name": "TA11-256A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA11-256A.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4013.json b/2011/4xxx/CVE-2011-4013.json index 954738b92a3..a3997ebef75 100644 --- a/2011/4xxx/CVE-2011-4013.json +++ b/2011/4xxx/CVE-2011-4013.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4013", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4013", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4180.json b/2011/4xxx/CVE-2011-4180.json index 9c3dd5b1e19..c6cd1de9f03 100644 --- a/2011/4xxx/CVE-2011-4180.json +++ b/2011/4xxx/CVE-2011-4180.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4180", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4180", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4271.json b/2011/4xxx/CVE-2011-4271.json index e8e662ae4a6..230f62f0c06 100644 --- a/2011/4xxx/CVE-2011-4271.json +++ b/2011/4xxx/CVE-2011-4271.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4271", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2011-4271", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4958.json b/2011/4xxx/CVE-2011-4958.json index ab27d1b7e94..fa3433efc4f 100644 --- a/2011/4xxx/CVE-2011-4958.json +++ b/2011/4xxx/CVE-2011-4958.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4958", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the process function in SSViewer.php in SilverStripe before 2.3.13 and 2.4.x before 2.4.6 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING to template placeholders, as demonstrated by a request to (1) admin/reports/, (2) admin/comments/, (3) admin/, (4) admin/show/, (5) admin/assets/, and (6) admin/security/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-4958", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20111008 SilverStripe 2.4.5 Multiple backend Cross-site scripting vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/520050/100/0/threaded" - }, - { - "name" : "http://www.rul3z.de/advisories/SSCHADV2011-024.txt", - "refsource" : "MISC", - "url" : "http://www.rul3z.de/advisories/SSCHADV2011-024.txt" - }, - { - "name" : "http://doc.silverstripe.org/sapphire/en/trunk/changelogs/2.3.12", - "refsource" : "CONFIRM", - "url" : "http://doc.silverstripe.org/sapphire/en/trunk/changelogs/2.3.12" - }, - { - "name" : "http://doc.silverstripe.org/sapphire/en/trunk/changelogs/2.4.6", - "refsource" : "CONFIRM", - "url" : "http://doc.silverstripe.org/sapphire/en/trunk/changelogs/2.4.6" - }, - { - "name" : "https://github.com/silverstripe/sapphire/commit/16c3235", - "refsource" : "CONFIRM", - "url" : "https://github.com/silverstripe/sapphire/commit/16c3235" - }, - { - "name" : "https://github.com/silverstripe/sapphire/commit/52a895f", - "refsource" : "CONFIRM", - "url" : "https://github.com/silverstripe/sapphire/commit/52a895f" - }, - { - "name" : "https://github.com/silverstripe/sapphire/commit/bdd6391", - "refsource" : "CONFIRM", - "url" : "https://github.com/silverstripe/sapphire/commit/bdd6391" - }, - { - "name" : "76258", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/76258" - }, - { - "name" : "46390", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46390" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the process function in SSViewer.php in SilverStripe before 2.3.13 and 2.4.x before 2.4.6 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING to template placeholders, as demonstrated by a request to (1) admin/reports/, (2) admin/comments/, (3) admin/, (4) admin/show/, (5) admin/assets/, and (6) admin/security/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20111008 SilverStripe 2.4.5 Multiple backend Cross-site scripting vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/520050/100/0/threaded" + }, + { + "name": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs/2.4.6", + "refsource": "CONFIRM", + "url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs/2.4.6" + }, + { + "name": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs/2.3.12", + "refsource": "CONFIRM", + "url": "http://doc.silverstripe.org/sapphire/en/trunk/changelogs/2.3.12" + }, + { + "name": "76258", + "refsource": "OSVDB", + "url": "http://osvdb.org/76258" + }, + { + "name": "https://github.com/silverstripe/sapphire/commit/bdd6391", + "refsource": "CONFIRM", + "url": "https://github.com/silverstripe/sapphire/commit/bdd6391" + }, + { + "name": "46390", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46390" + }, + { + "name": "https://github.com/silverstripe/sapphire/commit/52a895f", + "refsource": "CONFIRM", + "url": "https://github.com/silverstripe/sapphire/commit/52a895f" + }, + { + "name": "https://github.com/silverstripe/sapphire/commit/16c3235", + "refsource": "CONFIRM", + "url": "https://github.com/silverstripe/sapphire/commit/16c3235" + }, + { + "name": "http://www.rul3z.de/advisories/SSCHADV2011-024.txt", + "refsource": "MISC", + "url": "http://www.rul3z.de/advisories/SSCHADV2011-024.txt" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5215.json b/2011/5xxx/CVE-2011-5215.json index d724c39ac6e..5ca5bf451a0 100644 --- a/2011/5xxx/CVE-2011-5215.json +++ b/2011/5xxx/CVE-2011-5215.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5215", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in Video Community Portal allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5215", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/files/107970/videoportalneu-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/files/107970/videoportalneu-sql.txt" - }, - { - "name" : "77946", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/77946" - }, - { - "name" : "47287", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47287" - }, - { - "name" : "videocommportal-index-sql-injection(71876)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71876" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in Video Community Portal allows remote attackers to execute arbitrary SQL commands via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "videocommportal-index-sql-injection(71876)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71876" + }, + { + "name": "47287", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47287" + }, + { + "name": "http://packetstormsecurity.org/files/107970/videoportalneu-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/files/107970/videoportalneu-sql.txt" + }, + { + "name": "77946", + "refsource": "OSVDB", + "url": "http://osvdb.org/77946" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2302.json b/2014/2xxx/CVE-2014-2302.json index 1f26cf1c7b9..43ed239af87 100644 --- a/2014/2xxx/CVE-2014-2302.json +++ b/2014/2xxx/CVE-2014-2302.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2302", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The installer script in webEdition CMS before 6.2.7-s1 and 6.3.x before 6.3.8-s1 allows remote attackers to conduct PHP Object Injection attacks by intercepting a request to update.webedition.org." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2302", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140528 [RT-SA-2014-004] Remote Command Execution in webEdition CMS Installer Script", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/532230/100/0/threaded" - }, - { - "name" : "20140528 [RT-SA-2014-004] Remote Command Execution in webEdition CMS Installer Script", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/May/147" - }, - { - "name" : "http://packetstormsecurity.com/files/126861/webEdition-CMS-2.8.0.0-Remote-Command-Execution.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/126861/webEdition-CMS-2.8.0.0-Remote-Command-Execution.html" - }, - { - "name" : "https://www.redteam-pentesting.de/advisories/rt-sa-2014-004", - "refsource" : "MISC", - "url" : "https://www.redteam-pentesting.de/advisories/rt-sa-2014-004" - }, - { - "name" : "67692", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67692" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The installer script in webEdition CMS before 6.2.7-s1 and 6.3.x before 6.3.8-s1 allows remote attackers to conduct PHP Object Injection attacks by intercepting a request to update.webedition.org." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20140528 [RT-SA-2014-004] Remote Command Execution in webEdition CMS Installer Script", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/May/147" + }, + { + "name": "http://packetstormsecurity.com/files/126861/webEdition-CMS-2.8.0.0-Remote-Command-Execution.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/126861/webEdition-CMS-2.8.0.0-Remote-Command-Execution.html" + }, + { + "name": "67692", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67692" + }, + { + "name": "https://www.redteam-pentesting.de/advisories/rt-sa-2014-004", + "refsource": "MISC", + "url": "https://www.redteam-pentesting.de/advisories/rt-sa-2014-004" + }, + { + "name": "20140528 [RT-SA-2014-004] Remote Command Execution in webEdition CMS Installer Script", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/532230/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2582.json b/2014/2xxx/CVE-2014-2582.json index 88262e03cd9..8b6a76e2695 100644 --- a/2014/2xxx/CVE-2014-2582.json +++ b/2014/2xxx/CVE-2014-2582.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2582", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2582", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2698.json b/2014/2xxx/CVE-2014-2698.json index 889371f28c5..206ecae1ef7 100644 --- a/2014/2xxx/CVE-2014-2698.json +++ b/2014/2xxx/CVE-2014-2698.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2698", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2698", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2962.json b/2014/2xxx/CVE-2014-2962.json index 9ad5cd2a854..50d9e7c848d 100644 --- a/2014/2xxx/CVE-2014-2962.json +++ b/2014/2xxx/CVE-2014-2962.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2962", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Absolute path traversal vulnerability in the webproc cgi module on the Belkin N150 F9K1009 v1 router with firmware before 1.00.08 allows remote attackers to read arbitrary files via a full pathname in the getpage parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-2962", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "38488", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/38488/" - }, - { - "name" : "http://www.belkin.com/us/support-article?articleNum=109400", - "refsource" : "CONFIRM", - "url" : "http://www.belkin.com/us/support-article?articleNum=109400" - }, - { - "name" : "VU#774788", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/774788" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Absolute path traversal vulnerability in the webproc cgi module on the Belkin N150 F9K1009 v1 router with firmware before 1.00.08 allows remote attackers to read arbitrary files via a full pathname in the getpage parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "38488", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/38488/" + }, + { + "name": "VU#774788", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/774788" + }, + { + "name": "http://www.belkin.com/us/support-article?articleNum=109400", + "refsource": "CONFIRM", + "url": "http://www.belkin.com/us/support-article?articleNum=109400" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3448.json b/2014/3xxx/CVE-2014-3448.json index 83464bdf528..3604e4f9eab 100644 --- a/2014/3xxx/CVE-2014-3448.json +++ b/2014/3xxx/CVE-2014-3448.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3448", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3448", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3779.json b/2014/3xxx/CVE-2014-3779.json index f211a3bb022..bc99e1c61c6 100644 --- a/2014/3xxx/CVE-2014-3779.json +++ b/2014/3xxx/CVE-2014-3779.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3779", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine ADSelfService Plus before 5.2 Build 5202 allows remote attackers to inject arbitrary web script or HTML via the name parameter to GroupSubscription.do." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3779", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/129803/ADSelfservice-Plus-5.1-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/129803/ADSelfservice-Plus-5.1-Cross-Site-Scripting.html" - }, - { - "name" : "adselfserviceplus-cve20143779-xss(99612)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99612" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine ADSelfService Plus before 5.2 Build 5202 allows remote attackers to inject arbitrary web script or HTML via the name parameter to GroupSubscription.do." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "adselfserviceplus-cve20143779-xss(99612)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99612" + }, + { + "name": "http://packetstormsecurity.com/files/129803/ADSelfservice-Plus-5.1-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/129803/ADSelfservice-Plus-5.1-Cross-Site-Scripting.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3943.json b/2014/3xxx/CVE-2014-3943.json index c97bcfd9549..47c305d7c5b 100644 --- a/2014/3xxx/CVE-2014-3943.json +++ b/2014/3xxx/CVE-2014-3943.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3943", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in unspecified backend components in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, 6.1.0 before 6.1.9, and 6.2.0 before 6.2.3 allow remote authenticated editors to inject arbitrary web script or HTML via unknown parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3943", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140603 Re: CVE ID request: typo3", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/06/03/2" - }, - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/" - }, - { - "name" : "DSA-2942", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2942" - }, - { - "name" : "openSUSE-SU-2014:0813", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-06/msg00037.html" - }, - { - "name" : "67625", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67625" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in unspecified backend components in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, 6.1.0 before 6.1.9, and 6.2.0 before 6.2.3 allow remote authenticated editors to inject arbitrary web script or HTML via unknown parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2014:0813", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-06/msg00037.html" + }, + { + "name": "DSA-2942", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2942" + }, + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/", + "refsource": "CONFIRM", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/" + }, + { + "name": "[oss-security] 20140603 Re: CVE ID request: typo3", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/06/03/2" + }, + { + "name": "67625", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67625" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6294.json b/2014/6xxx/CVE-2014-6294.json index de0240526b0..f9abaaf4f85 100644 --- a/2014/6xxx/CVE-2014-6294.json +++ b/2014/6xxx/CVE-2014-6294.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6294", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the External links click statistics (outstats) extension 0.0.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-6294", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-002/", - "refsource" : "MISC", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-002/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the External links click statistics (outstats) extension 0.0.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-002/", + "refsource": "MISC", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-002/" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6585.json b/2014/6xxx/CVE-2014-6585.json index 30f36d52146..b7d0a0a3b5d 100644 --- a/2014/6xxx/CVE-2014-6585.json +++ b/2014/6xxx/CVE-2014-6585.json @@ -1,192 +1,192 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6585", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to 2D, a different vulnerability than CVE-2014-6591." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-6585", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" - }, - { - "name" : "https://www-304.ibm.com/support/docview.wss?uid=swg21695474", - "refsource" : "CONFIRM", - "url" : "https://www-304.ibm.com/support/docview.wss?uid=swg21695474" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2015-0003.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2015-0003.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" - }, - { - "name" : "DSA-3144", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3144" - }, - { - "name" : "DSA-3147", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3147" - }, - { - "name" : "DSA-3323", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3323" - }, - { - "name" : "GLSA-201603-14", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201603-14" - }, - { - "name" : "GLSA-201507-14", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201507-14" - }, - { - "name" : "HPSBUX03273", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142496355704097&w=2" - }, - { - "name" : "SSRT101951", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142496355704097&w=2" - }, - { - "name" : "HPSBUX03281", - "refsource" : "HP", - "url" : "http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581" - }, - { - "name" : "SSRT101968", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142607790919348&w=2" - }, - { - "name" : "RHSA-2015:0136", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0136.html" - }, - { - "name" : "RHSA-2015:0068", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0068.html" - }, - { - "name" : "RHSA-2015:0079", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0079.html" - }, - { - "name" : "RHSA-2015:0080", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0080.html" - }, - { - "name" : "RHSA-2015:0085", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0085.html" - }, - { - "name" : "RHSA-2015:0086", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0086.html" - }, - { - "name" : "RHSA-2015:0264", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0264.html" - }, - { - "name" : "SUSE-SU-2015:0336", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00024.html" - }, - { - "name" : "openSUSE-SU-2015:0190", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00001.html" - }, - { - "name" : "SUSE-SU-2015:0503", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00018.html" - }, - { - "name" : "USN-2486-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2486-1" - }, - { - "name" : "USN-2487-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2487-1" - }, - { - "name" : "72173", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72173" - }, - { - "name" : "1031580", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031580" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to 2D, a different vulnerability than CVE-2014-6591." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2015:0503", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00018.html" + }, + { + "name": "DSA-3144", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3144" + }, + { + "name": "RHSA-2015:0136", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0136.html" + }, + { + "name": "RHSA-2015:0079", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0079.html" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2015-0003.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2015-0003.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" + }, + { + "name": "RHSA-2015:0264", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0264.html" + }, + { + "name": "USN-2487-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2487-1" + }, + { + "name": "RHSA-2015:0085", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0085.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" + }, + { + "name": "RHSA-2015:0086", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0086.html" + }, + { + "name": "GLSA-201603-14", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201603-14" + }, + { + "name": "SUSE-SU-2015:0336", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00024.html" + }, + { + "name": "RHSA-2015:0080", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0080.html" + }, + { + "name": "https://www-304.ibm.com/support/docview.wss?uid=swg21695474", + "refsource": "CONFIRM", + "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21695474" + }, + { + "name": "RHSA-2015:0068", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0068.html" + }, + { + "name": "USN-2486-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2486-1" + }, + { + "name": "GLSA-201507-14", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201507-14" + }, + { + "name": "SSRT101951", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142496355704097&w=2" + }, + { + "name": "HPSBUX03281", + "refsource": "HP", + "url": "http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581" + }, + { + "name": "DSA-3323", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3323" + }, + { + "name": "SSRT101968", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142607790919348&w=2" + }, + { + "name": "openSUSE-SU-2015:0190", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00001.html" + }, + { + "name": "72173", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72173" + }, + { + "name": "HPSBUX03273", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142496355704097&w=2" + }, + { + "name": "1031580", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031580" + }, + { + "name": "DSA-3147", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3147" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6811.json b/2014/6xxx/CVE-2014-6811.json index 75a3b801659..a7a0f39cdf3 100644 --- a/2014/6xxx/CVE-2014-6811.json +++ b/2014/6xxx/CVE-2014-6811.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6811", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-6811", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6916.json b/2014/6xxx/CVE-2014-6916.json index afdac7a5d07..93ff3c02c78 100644 --- a/2014/6xxx/CVE-2014-6916.json +++ b/2014/6xxx/CVE-2014-6916.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6916", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mama.cn (aka cn.ziipin.mama.ui) application 1.02 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6916", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#799329", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/799329" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mama.cn (aka cn.ziipin.mama.ui) application 1.02 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#799329", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/799329" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7073.json b/2014/7xxx/CVE-2014-7073.json index 9766ebfeae2..4e444040ec9 100644 --- a/2014/7xxx/CVE-2014-7073.json +++ b/2014/7xxx/CVE-2014-7073.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7073", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Andrew Magdy Kamal's Network (aka com.wAndSocialREWApps) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7073", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#619545", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/619545" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Andrew Magdy Kamal's Network (aka com.wAndSocialREWApps) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#619545", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/619545" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7519.json b/2014/7xxx/CVE-2014-7519.json index c23c3d28f61..4d51dc55c53 100644 --- a/2014/7xxx/CVE-2014-7519.json +++ b/2014/7xxx/CVE-2014-7519.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7519", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Cycling Manager Game Cff (aka com.CyclingManagerGame) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7519", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#416177", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/416177" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Cycling Manager Game Cff (aka com.CyclingManagerGame) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#416177", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/416177" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7529.json b/2014/7xxx/CVE-2014-7529.json index 3ab439949a1..8af4231fea1 100644 --- a/2014/7xxx/CVE-2014-7529.json +++ b/2014/7xxx/CVE-2014-7529.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7529", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Bodyguard for Hire (aka com.dreamstep.wBodyGuardforHire) application 0.18.13146.42280 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7529", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#743361", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/743361" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Bodyguard for Hire (aka com.dreamstep.wBodyGuardforHire) application 0.18.13146.42280 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#743361", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/743361" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7852.json b/2014/7xxx/CVE-2014-7852.json index 8b1e6a65e37..6214d574323 100644 --- a/2014/7xxx/CVE-2014-7852.json +++ b/2014/7xxx/CVE-2014-7852.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7852", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in JBoss RichFaces, as used in JBoss Portal 6.1.1, allows remote attackers to inject arbitrary web script or HTML via crafted URL, which is not properly handled in a CSS file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-7852", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "RHSA-2014:1973", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1973.html" - }, - { - "name" : "1031363", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031363" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in JBoss RichFaces, as used in JBoss Portal 6.1.1, allows remote attackers to inject arbitrary web script or HTML via crafted URL, which is not properly handled in a CSS file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1031363", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031363" + }, + { + "name": "RHSA-2014:1973", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1973.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7951.json b/2014/7xxx/CVE-2014-7951.json index a6e7ec11efd..58f0c8d53d6 100644 --- a/2014/7xxx/CVE-2014-7951.json +++ b/2014/7xxx/CVE-2014-7951.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7951", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-7951", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/999xxx/CVE-2014-999999.json b/2014/999xxx/CVE-2014-999999.json index de88d5bd01d..a3dcc4bb914 100644 --- a/2014/999xxx/CVE-2014-999999.json +++ b/2014/999xxx/CVE-2014-999999.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-999999", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: This ID is frequently used as an example of the 2014 CVE-ID syntax change, which allows more than 4 digits in the sequence number. Notes: See references." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-999999", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: This ID is frequently used as an example of the 2014 CVE-ID syntax change, which allows more than 4 digits in the sequence number. Notes: See references." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2164.json b/2016/2xxx/CVE-2016-2164.json index 7e08e4ca156..8b465d62274 100644 --- a/2016/2xxx/CVE-2016-2164.json +++ b/2016/2xxx/CVE-2016-2164.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2016-2164", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The (1) FileService.importFileByInternalUserId and (2) FileService.importFile SOAP API methods in Apache OpenMeetings before 3.1.1 improperly use the Java URL class without checking the specified protocol handler, which allows remote attackers to read arbitrary files by attempting to upload a file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-2164", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20160325 [CVE-2016-2164] Arbitrary file read via SOAP API", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/537887/100/0/threaded" - }, - { - "name" : "http://packetstormsecurity.com/files/136434/Apache-OpenMeetings-3.0.7-Arbitary-File-Read.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/136434/Apache-OpenMeetings-3.0.7-Arbitary-File-Read.html" - }, - { - "name" : "http://openmeetings.apache.org/security.html", - "refsource" : "CONFIRM", - "url" : "http://openmeetings.apache.org/security.html" - }, - { - "name" : "https://www.apache.org/dist/openmeetings/3.1.1/CHANGELOG", - "refsource" : "CONFIRM", - "url" : "https://www.apache.org/dist/openmeetings/3.1.1/CHANGELOG" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The (1) FileService.importFileByInternalUserId and (2) FileService.importFile SOAP API methods in Apache OpenMeetings before 3.1.1 improperly use the Java URL class without checking the specified protocol handler, which allows remote attackers to read arbitrary files by attempting to upload a file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/136434/Apache-OpenMeetings-3.0.7-Arbitary-File-Read.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/136434/Apache-OpenMeetings-3.0.7-Arbitary-File-Read.html" + }, + { + "name": "https://www.apache.org/dist/openmeetings/3.1.1/CHANGELOG", + "refsource": "CONFIRM", + "url": "https://www.apache.org/dist/openmeetings/3.1.1/CHANGELOG" + }, + { + "name": "20160325 [CVE-2016-2164] Arbitrary file read via SOAP API", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/537887/100/0/threaded" + }, + { + "name": "http://openmeetings.apache.org/security.html", + "refsource": "CONFIRM", + "url": "http://openmeetings.apache.org/security.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2240.json b/2016/2xxx/CVE-2016-2240.json index f9c0fc45223..e5cc24af145 100644 --- a/2016/2xxx/CVE-2016-2240.json +++ b/2016/2xxx/CVE-2016-2240.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2240", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2240", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2483.json b/2016/2xxx/CVE-2016-2483.json index 223d93f69fd..350043d19ab 100644 --- a/2016/2xxx/CVE-2016-2483.json +++ b/2016/2xxx/CVE-2016-2483.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2483", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 mishandles a buffer count, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27662502." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-2483", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-06-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-06-01.html" - }, - { - "name" : "https://android.googlesource.com/platform/hardware/qcom/media/+/89913d7df36dbeb458ce165856bd6505a2ec647d", - "refsource" : "CONFIRM", - "url" : "https://android.googlesource.com/platform/hardware/qcom/media/+/89913d7df36dbeb458ce165856bd6505a2ec647d" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 mishandles a buffer count, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27662502." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://android.googlesource.com/platform/hardware/qcom/media/+/89913d7df36dbeb458ce165856bd6505a2ec647d", + "refsource": "CONFIRM", + "url": "https://android.googlesource.com/platform/hardware/qcom/media/+/89913d7df36dbeb458ce165856bd6505a2ec647d" + }, + { + "name": "http://source.android.com/security/bulletin/2016-06-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-06-01.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0193.json b/2017/0xxx/CVE-2017-0193.json index 6fa4b2ce75d..75fddeb6048 100644 --- a/2017/0xxx/CVE-2017-0193.json +++ b/2017/0xxx/CVE-2017-0193.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-0193", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Windows", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016." - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Windows Hyper-V in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to gain elevated privileges on a target guest operating system when Windows Hyper-V instruction emulation fails to properly enforce privilege levels, aka \"Hypervisor Code Integrity Elevation of Privilege Vulnerability\"." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-0193", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Windows", + "version": { + "version_data": [ + { + "version_value": "Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016." + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0193", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0193" - }, - { - "name" : "98878", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98878" - }, - { - "name" : "1038670", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038670" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Windows Hyper-V in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to gain elevated privileges on a target guest operating system when Windows Hyper-V instruction emulation fails to properly enforce privilege levels, aka \"Hypervisor Code Integrity Elevation of Privilege Vulnerability\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038670", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038670" + }, + { + "name": "98878", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98878" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0193", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0193" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0274.json b/2017/0xxx/CVE-2017-0274.json index 58b49e1b6bd..e9adc58af9d 100644 --- a/2017/0xxx/CVE-2017-0274.json +++ b/2017/0xxx/CVE-2017-0274.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-0274", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Server Message Block 1.0", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016." - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka \"Windows SMB Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-0267, CVE-2017-0268, CVE-2017-0270, CVE-2017-0271, CVE-2017-0275, and CVE-2017-0276." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-0274", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Server Message Block 1.0", + "version": { + "version_data": [ + { + "version_value": "Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016." + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02" - }, - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0274", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0274" - }, - { - "name" : "98266", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98266" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka \"Windows SMB Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-0267, CVE-2017-0268, CVE-2017-0270, CVE-2017-0271, CVE-2017-0275, and CVE-2017-0276." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0274", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0274" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02" + }, + { + "name": "98266", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98266" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1056.json b/2017/1xxx/CVE-2017-1056.json index 478d6b26163..26dd5cdd7c0 100644 --- a/2017/1xxx/CVE-2017-1056.json +++ b/2017/1xxx/CVE-2017-1056.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1056", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1056", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1259.json b/2017/1xxx/CVE-2017-1259.json index 58e497b9a48..834375f6d6e 100644 --- a/2017/1xxx/CVE-2017-1259.json +++ b/2017/1xxx/CVE-2017-1259.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1259", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1259", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1834.json b/2017/1xxx/CVE-2017-1834.json index 5241af49cc1..ab36c835d28 100644 --- a/2017/1xxx/CVE-2017-1834.json +++ b/2017/1xxx/CVE-2017-1834.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1834", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-1834", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5455.json b/2017/5xxx/CVE-2017-5455.json index c2ad73e147a..97b28f3d17c 100644 --- a/2017/5xxx/CVE-2017-5455.json +++ b/2017/5xxx/CVE-2017-5455.json @@ -1,99 +1,99 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2017-5455", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Firefox ESR", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "52.1" - } - ] - } - }, - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "53" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The internal feed reader APIs that crossed the sandbox barrier allowed for a sandbox escape and escalation of privilege if combined with another vulnerability that resulted in remote code execution inside the sandboxed process. This vulnerability affects Firefox ESR < 52.1 and Firefox < 53." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Sandbox escape through internal feed reader APIs" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2017-5455", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "52.1" + } + ] + } + }, + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "53" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1341191", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1341191" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-10/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-10/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-12/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-12/" - }, - { - "name" : "RHSA-2017:1106", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1106" - }, - { - "name" : "97940", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97940" - }, - { - "name" : "1038320", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038320" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The internal feed reader APIs that crossed the sandbox barrier allowed for a sandbox escape and escalation of privilege if combined with another vulnerability that resulted in remote code execution inside the sandboxed process. This vulnerability affects Firefox ESR < 52.1 and Firefox < 53." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Sandbox escape through internal feed reader APIs" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1341191", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1341191" + }, + { + "name": "RHSA-2017:1106", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1106" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-12/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-12/" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-10/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-10/" + }, + { + "name": "97940", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97940" + }, + { + "name": "1038320", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038320" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5499.json b/2017/5xxx/CVE-2017-5499.json index ca66ee83723..0308e230cd6 100644 --- a/2017/5xxx/CVE-2017-5499.json +++ b/2017/5xxx/CVE-2017-5499.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5499", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in libjasper/jpc/jpc_dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5499", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blogs.gentoo.org/ago/2017/01/16/jasper-multiple-crashes-with-ubsan/", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2017/01/16/jasper-multiple-crashes-with-ubsan/" - }, - { - "name" : "95666", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95666" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in libjasper/jpc/jpc_dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blogs.gentoo.org/ago/2017/01/16/jasper-multiple-crashes-with-ubsan/", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2017/01/16/jasper-multiple-crashes-with-ubsan/" + }, + { + "name": "95666", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95666" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5919.json b/2017/5xxx/CVE-2017-5919.json index 50a0518b88c..037de3dc4fb 100644 --- a/2017/5xxx/CVE-2017-5919.json +++ b/2017/5xxx/CVE-2017-5919.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5919", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The 21st Century Insurance app 10.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5919", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://medium.com/@chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f", - "refsource" : "MISC", - "url" : "https://medium.com/@chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The 21st Century Insurance app 10.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://medium.com/@chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f", + "refsource": "MISC", + "url": "https://medium.com/@chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f" + } + ] + } +} \ No newline at end of file