diff --git a/2006/2xxx/CVE-2006-2596.json b/2006/2xxx/CVE-2006-2596.json index ee692161610..1f68abaef5c 100644 --- a/2006/2xxx/CVE-2006-2596.json +++ b/2006/2xxx/CVE-2006-2596.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2596", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-2584. Reason: This candidate is a duplicate of CVE-2006-2584. Notes: All CVE users should reference CVE-2006-2584 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2006-2596", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-2584. Reason: This candidate is a duplicate of CVE-2006-2584. Notes: All CVE users should reference CVE-2006-2584 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3068.json b/2006/3xxx/CVE-2006-3068.json index 7974bcdc8f0..486591b2ec8 100644 --- a/2006/3xxx/CVE-2006-3068.json +++ b/2006/3xxx/CVE-2006-3068.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3068", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM DB2 Universal Database (UDB) before 8.2 FixPak 12 allows remote attackers to cause a denial of service (application crash) by sending \"incorrect information ... regarding the package name/creator,\" which leads to a \"memory overwrite.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3068", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "IY79204", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1IY79204" - }, - { - "name" : "ADV-2006-2332", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2332" - }, - { - "name" : "29862", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/29862" - }, - { - "name" : "20579", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20579" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM DB2 Universal Database (UDB) before 8.2 FixPak 12 allows remote attackers to cause a denial of service (application crash) by sending \"incorrect information ... regarding the package name/creator,\" which leads to a \"memory overwrite.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "IY79204", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IY79204" + }, + { + "name": "29862", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/29862" + }, + { + "name": "20579", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20579" + }, + { + "name": "ADV-2006-2332", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2332" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3109.json b/2006/3xxx/CVE-2006-3109.json index e20f176dea8..0caaeb56feb 100644 --- a/2006/3xxx/CVE-2006-3109.json +++ b/2006/3xxx/CVE-2006-3109.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3109", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Cisco CallManager 3.3 before 3.3(5)SR3, 4.1 before 4.1(3)SR4, 4.2 before 4.2(3), and 4.3 before 4.3(1), allows remote attackers to inject arbitrary web script or HTML via the (1) pattern parameter in ccmadmin/phonelist.asp and (2) arbitrary parameters in ccmuser/logon.asp, aka bugid CSCsb68657." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3109", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060619 Input Validation/Output Encoding Vulnerabilities in Cisco CallManager Allow Script Injection Attacks", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047015.html" - }, - { - "name" : "20060619 Input Validation/Output Encoding Vulnerabilities in Cisco CallManager Allow Script Injection Attacks", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/437757/100/0/threaded" - }, - { - "name" : "20060620 Re: Input Validation/Output Encoding Vulnerabilities in Cisco CallManager Allow Script Injection Attacks", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047019.html" - }, - { - "name" : "http://www.fishnetsecurity.com/csirt/disclosure/cisco/Cisco+CallManager+XSS+Advisory.htm", - "refsource" : "MISC", - "url" : "http://www.fishnetsecurity.com/csirt/disclosure/cisco/Cisco+CallManager+XSS+Advisory.htm" - }, - { - "name" : "20060619 Cisco Response to: Input Validation/Output Encoding Vulnerabilities in Cisco CallManager Allow Script Injection Attacks", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/sw/voicesw/ps556/tsd_products_security_response09186a00806c0846.html" - }, - { - "name" : "18504", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18504" - }, - { - "name" : "ADV-2006-2443", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2443" - }, - { - "name" : "26651", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26651" - }, - { - "name" : "26652", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26652" - }, - { - "name" : "1016328", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016328" - }, - { - "name" : "20735", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20735" - }, - { - "name" : "1114", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1114" - }, - { - "name" : "cisco-callmanager-web-xss(27225)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27225" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Cisco CallManager 3.3 before 3.3(5)SR3, 4.1 before 4.1(3)SR4, 4.2 before 4.2(3), and 4.3 before 4.3(1), allows remote attackers to inject arbitrary web script or HTML via the (1) pattern parameter in ccmadmin/phonelist.asp and (2) arbitrary parameters in ccmuser/logon.asp, aka bugid CSCsb68657." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1114", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1114" + }, + { + "name": "26651", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26651" + }, + { + "name": "http://www.fishnetsecurity.com/csirt/disclosure/cisco/Cisco+CallManager+XSS+Advisory.htm", + "refsource": "MISC", + "url": "http://www.fishnetsecurity.com/csirt/disclosure/cisco/Cisco+CallManager+XSS+Advisory.htm" + }, + { + "name": "20060619 Cisco Response to: Input Validation/Output Encoding Vulnerabilities in Cisco CallManager Allow Script Injection Attacks", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/sw/voicesw/ps556/tsd_products_security_response09186a00806c0846.html" + }, + { + "name": "18504", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18504" + }, + { + "name": "20060619 Input Validation/Output Encoding Vulnerabilities in Cisco CallManager Allow Script Injection Attacks", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047015.html" + }, + { + "name": "cisco-callmanager-web-xss(27225)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27225" + }, + { + "name": "1016328", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016328" + }, + { + "name": "20060620 Re: Input Validation/Output Encoding Vulnerabilities in Cisco CallManager Allow Script Injection Attacks", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047019.html" + }, + { + "name": "20735", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20735" + }, + { + "name": "ADV-2006-2443", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2443" + }, + { + "name": "20060619 Input Validation/Output Encoding Vulnerabilities in Cisco CallManager Allow Script Injection Attacks", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/437757/100/0/threaded" + }, + { + "name": "26652", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26652" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3457.json b/2006/3xxx/CVE-2006-3457.json index bdd9bb6f33e..4ab2d97f20c 100644 --- a/2006/3xxx/CVE-2006-3457.json +++ b/2006/3xxx/CVE-2006-3457.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3457", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Symantec On-Demand Agent (SODA) before 2.5 MR2 Build 2157, and the Virtual Desktop module in Symantec On-Demand Protection (SODP) before 2.6 Build 2233, do not properly encrypt files that are subject to policy-based automatic encryption, which might allow local users to read sensitive data via an unspecified decryption method." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3457", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060801 SYM06-013 Symantec On-Demand Protection Encrypted Data Exposure", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/441850/100/0/threaded" - }, - { - "name" : "http://www.symantec.com/avcenter/security/Content/2006.08.01a.html", - "refsource" : "CONFIRM", - "url" : "http://www.symantec.com/avcenter/security/Content/2006.08.01a.html" - }, - { - "name" : "19248", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19248" - }, - { - "name" : "ADV-2006-3097", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3097" - }, - { - "name" : "1016619", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016619" - }, - { - "name" : "21280", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21280" - }, - { - "name" : "symantec-ondemand-weak-encryption(28181)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28181" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Symantec On-Demand Agent (SODA) before 2.5 MR2 Build 2157, and the Virtual Desktop module in Symantec On-Demand Protection (SODP) before 2.6 Build 2233, do not properly encrypt files that are subject to policy-based automatic encryption, which might allow local users to read sensitive data via an unspecified decryption method." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1016619", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016619" + }, + { + "name": "19248", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19248" + }, + { + "name": "20060801 SYM06-013 Symantec On-Demand Protection Encrypted Data Exposure", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/441850/100/0/threaded" + }, + { + "name": "symantec-ondemand-weak-encryption(28181)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28181" + }, + { + "name": "http://www.symantec.com/avcenter/security/Content/2006.08.01a.html", + "refsource": "CONFIRM", + "url": "http://www.symantec.com/avcenter/security/Content/2006.08.01a.html" + }, + { + "name": "ADV-2006-3097", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3097" + }, + { + "name": "21280", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21280" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3881.json b/2006/3xxx/CVE-2006-3881.json index 5e6712abc3a..4cc65d45771 100644 --- a/2006/3xxx/CVE-2006-3881.json +++ b/2006/3xxx/CVE-2006-3881.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3881", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Shalwan MusicBox 2.3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the id parameter in a request for the top-level URI. NOTE: the id parameter in index.php, and the type and show parameters in a top action, are already covered by CVE-2006-1349; and the term parameter in a search action is already covered by CVE-2006-1806." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3881", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060724 MusicBox <= 2.3.4 XSS SQL injection Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/441000/100/0/threaded" - }, - { - "name" : "1284", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1284" - }, - { - "name" : "musicbox-multiple-xss(27925)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27925" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Shalwan MusicBox 2.3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the id parameter in a request for the top-level URI. NOTE: the id parameter in index.php, and the type and show parameters in a top action, are already covered by CVE-2006-1349; and the term parameter in a search action is already covered by CVE-2006-1806." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1284", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1284" + }, + { + "name": "20060724 MusicBox <= 2.3.4 XSS SQL injection Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/441000/100/0/threaded" + }, + { + "name": "musicbox-multiple-xss(27925)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27925" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3933.json b/2006/3xxx/CVE-2006-3933.json index aaa96238fab..6f61b744e73 100644 --- a/2006/3xxx/CVE-2006-3933.json +++ b/2006/3xxx/CVE-2006-3933.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3933", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Alkacon OpenCms before 6.2.2 allows remote authenticated users to inject arbitrary web script or HTML via the message body." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3933", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060726 Multiple vulnerabilities in OpenCMS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/441182/100/0/threaded" - }, - { - "name" : "http://o0o.nu/~meder/OpenCMS_multiple_vulnerabilities.txt", - "refsource" : "MISC", - "url" : "http://o0o.nu/~meder/OpenCMS_multiple_vulnerabilities.txt" - }, - { - "name" : "http://www.opencms.org/export/download/opencms/opencms_6.2.2_src.zip", - "refsource" : "MISC", - "url" : "http://www.opencms.org/export/download/opencms/opencms_6.2.2_src.zip" - }, - { - "name" : "http://www.opencms.org/opencms/en/shownews.html?id=1002", - "refsource" : "MISC", - "url" : "http://www.opencms.org/opencms/en/shownews.html?id=1002" - }, - { - "name" : "21193", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21193" - }, - { - "name" : "1302", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1302" - }, - { - "name" : "opencms-message-xss(28033)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28033" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Alkacon OpenCms before 6.2.2 allows remote authenticated users to inject arbitrary web script or HTML via the message body." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21193", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21193" + }, + { + "name": "http://www.opencms.org/opencms/en/shownews.html?id=1002", + "refsource": "MISC", + "url": "http://www.opencms.org/opencms/en/shownews.html?id=1002" + }, + { + "name": "1302", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1302" + }, + { + "name": "20060726 Multiple vulnerabilities in OpenCMS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/441182/100/0/threaded" + }, + { + "name": "opencms-message-xss(28033)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28033" + }, + { + "name": "http://o0o.nu/~meder/OpenCMS_multiple_vulnerabilities.txt", + "refsource": "MISC", + "url": "http://o0o.nu/~meder/OpenCMS_multiple_vulnerabilities.txt" + }, + { + "name": "http://www.opencms.org/export/download/opencms/opencms_6.2.2_src.zip", + "refsource": "MISC", + "url": "http://www.opencms.org/export/download/opencms/opencms_6.2.2_src.zip" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6062.json b/2006/6xxx/CVE-2006-6062.json index 1f0266f05d9..f12944d7a9d 100644 --- a/2006/6xxx/CVE-2006-6062.json +++ b/2006/6xxx/CVE-2006-6062.json @@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6062", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to cause a denial of service (crash) via a malformed UDTO HFS+ disk image, such as with \"bad sectors,\" which triggers memory corruption." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6062", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://projects.info-pull.com/mokb/MOKB-21-11-2006.html", - "refsource" : "MISC", - "url" : "http://projects.info-pull.com/mokb/MOKB-21-11-2006.html" - }, - { - "name" : "http://docs.info.apple.com/article.html?artnum=305214", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=305214" - }, - { - "name" : "APPLE-SA-2007-03-13", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html" - }, - { - "name" : "TA07-072A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA07-072A.html" - }, - { - "name" : "21201", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21201" - }, - { - "name" : "21236", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21236" - }, - { - "name" : "ADV-2006-4629", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4629" - }, - { - "name" : "ADV-2006-4653", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4653" - }, - { - "name" : "ADV-2007-0930", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0930" - }, - { - "name" : "30510", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/30510" - }, - { - "name" : "1017260", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017260" - }, - { - "name" : "1017751", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1017751" - }, - { - "name" : "23012", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23012" - }, - { - "name" : "23062", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23062" - }, - { - "name" : "24479", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24479" - }, - { - "name" : "macosx-dmg-code-execution(30440)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30440" - }, - { - "name" : "macosx-udtohfs-dos(30463)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30463" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to cause a denial of service (crash) via a malformed UDTO HFS+ disk image, such as with \"bad sectors,\" which triggers memory corruption." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21236", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21236" + }, + { + "name": "30510", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/30510" + }, + { + "name": "macosx-udtohfs-dos(30463)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30463" + }, + { + "name": "TA07-072A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA07-072A.html" + }, + { + "name": "APPLE-SA-2007-03-13", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=305214", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=305214" + }, + { + "name": "http://projects.info-pull.com/mokb/MOKB-21-11-2006.html", + "refsource": "MISC", + "url": "http://projects.info-pull.com/mokb/MOKB-21-11-2006.html" + }, + { + "name": "1017751", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1017751" + }, + { + "name": "23012", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23012" + }, + { + "name": "ADV-2006-4629", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4629" + }, + { + "name": "23062", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23062" + }, + { + "name": "ADV-2007-0930", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0930" + }, + { + "name": "1017260", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017260" + }, + { + "name": "ADV-2006-4653", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4653" + }, + { + "name": "21201", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21201" + }, + { + "name": "macosx-dmg-code-execution(30440)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30440" + }, + { + "name": "24479", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24479" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6231.json b/2006/6xxx/CVE-2006-6231.json index f74b1009d2c..62dad30c707 100644 --- a/2006/6xxx/CVE-2006-6231.json +++ b/2006/6xxx/CVE-2006-6231.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6231", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "vuBB 0.2.1 and earlier allows remote attackers to obtain sensitive information via a direct request to includes/vubb.php, which leaks the path in an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6231", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060618 vuBB <= 0.2.1 [BFA] SQL Injection Exploit + Advisory link", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/437657/100/200/threaded" - }, - { - "name" : "http://www.acid-root.new.fr/advisories/vubb021b.txt", - "refsource" : "MISC", - "url" : "http://www.acid-root.new.fr/advisories/vubb021b.txt" - }, - { - "name" : "ADV-2006-2458", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2458" - }, - { - "name" : "1948", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1948" - }, - { - "name" : "vubb-multiple-path-disclosure(27299)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27299" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "vuBB 0.2.1 and earlier allows remote attackers to obtain sensitive information via a direct request to includes/vubb.php, which leaks the path in an error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1948", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1948" + }, + { + "name": "20060618 vuBB <= 0.2.1 [BFA] SQL Injection Exploit + Advisory link", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/437657/100/200/threaded" + }, + { + "name": "vubb-multiple-path-disclosure(27299)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27299" + }, + { + "name": "http://www.acid-root.new.fr/advisories/vubb021b.txt", + "refsource": "MISC", + "url": "http://www.acid-root.new.fr/advisories/vubb021b.txt" + }, + { + "name": "ADV-2006-2458", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2458" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6675.json b/2006/6xxx/CVE-2006-6675.json index b5e4807e86a..5572a7b311c 100644 --- a/2006/6xxx/CVE-2006-6675.json +++ b/2006/6xxx/CVE-2006-6675.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6675", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in Welcome web-app." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6675", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://secure-support.novell.com/KanisaPlatform/Publishing/514/3319127_f.SAL_Public.html", - "refsource" : "CONFIRM", - "url" : "https://secure-support.novell.com/KanisaPlatform/Publishing/514/3319127_f.SAL_Public.html" - }, - { - "name" : "21678", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21678" - }, - { - "name" : "ADV-2006-5090", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/5090" - }, - { - "name" : "23406", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23406" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in Welcome web-app." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-5090", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/5090" + }, + { + "name": "21678", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21678" + }, + { + "name": "https://secure-support.novell.com/KanisaPlatform/Publishing/514/3319127_f.SAL_Public.html", + "refsource": "CONFIRM", + "url": "https://secure-support.novell.com/KanisaPlatform/Publishing/514/3319127_f.SAL_Public.html" + }, + { + "name": "23406", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23406" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6888.json b/2006/6xxx/CVE-2006-6888.json index 22ac085327d..b4e4e1be4ae 100644 --- a/2006/6xxx/CVE-2006-6888.json +++ b/2006/6xxx/CVE-2006-6888.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6888", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "P-News 1.16 and 1.17 store sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the administrative account name and password hash via a direct request for db/user.dat." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6888", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3054", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3054" - }, - { - "name" : "pnews-user-info-disclosure(31197)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31197" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "P-News 1.16 and 1.17 store sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the administrative account name and password hash via a direct request for db/user.dat." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "pnews-user-info-disclosure(31197)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31197" + }, + { + "name": "3054", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3054" + } + ] + } +} \ No newline at end of file diff --git a/2006/7xxx/CVE-2006-7093.json b/2006/7xxx/CVE-2006-7093.json index 36c2820ee7b..41ed728dcf2 100644 --- a/2006/7xxx/CVE-2006-7093.json +++ b/2006/7xxx/CVE-2006-7093.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-7093", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Mambo LaiThai 4.5.4 Security Patch 2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-7093", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://mamboxchange.com/forum/forum.php?forum_id=7767", - "refsource" : "CONFIRM", - "url" : "http://mamboxchange.com/forum/forum.php?forum_id=7767" - }, - { - "name" : "20458", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20458/info" - }, - { - "name" : "ADV-2006-3953", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3953" - }, - { - "name" : "22263", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22263" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Mambo LaiThai 4.5.4 Security Patch 2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20458", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20458/info" + }, + { + "name": "ADV-2006-3953", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3953" + }, + { + "name": "22263", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22263" + }, + { + "name": "http://mamboxchange.com/forum/forum.php?forum_id=7767", + "refsource": "CONFIRM", + "url": "http://mamboxchange.com/forum/forum.php?forum_id=7767" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2220.json b/2010/2xxx/CVE-2010-2220.json index 80575aed931..c206eba5d5e 100644 --- a/2010/2xxx/CVE-2010-2220.json +++ b/2010/2xxx/CVE-2010-2220.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2220", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Media Server (FMS) before 3.0.6, and 3.5.x before 3.5.4, allows attackers to cause a denial of service via unspecified vectors, related to an \"input validation issue.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2010-2220", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb10-19.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb10-19.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Media Server (FMS) before 3.0.6, and 3.5.x before 3.5.4, allows attackers to cause a denial of service via unspecified vectors, related to an \"input validation issue.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.adobe.com/support/security/bulletins/apsb10-19.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb10-19.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0573.json b/2011/0xxx/CVE-2011-0573.json index d8da9c3aafe..dc67132b79e 100644 --- a/2011/0xxx/CVE-2011-0573.json +++ b/2011/0xxx/CVE-2011-0573.json @@ -1,162 +1,162 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0573", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-2011-0572, CVE-2011-0574, CVE-2011-0578, CVE-2011-0607, and CVE-2011-0608." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2011-0573", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb11-02.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb11-02.html" - }, - { - "name" : "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash2", - "refsource" : "CONFIRM", - "url" : "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash2" - }, - { - "name" : "RHSA-2011:0206", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0206.html" - }, - { - "name" : "RHSA-2011:0259", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0259.html" - }, - { - "name" : "RHSA-2011:0368", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0368.html" - }, - { - "name" : "SUSE-SA:2011:009", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00003.html" - }, - { - "name" : "46192", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46192" - }, - { - "name" : "70917", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/70917" - }, - { - "name" : "oval:org.mitre.oval:def:14172", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14172" - }, - { - "name" : "oval:org.mitre.oval:def:16262", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16262" - }, - { - "name" : "1025055", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025055" - }, - { - "name" : "43267", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43267" - }, - { - "name" : "43292", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43292" - }, - { - "name" : "43340", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43340" - }, - { - "name" : "43351", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43351" - }, - { - "name" : "43747", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43747" - }, - { - "name" : "ADV-2011-0348", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0348" - }, - { - "name" : "ADV-2011-0383", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0383" - }, - { - "name" : "ADV-2011-0402", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0402" - }, - { - "name" : "ADV-2011-0646", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0646" - }, - { - "name" : "player-unspec-code-execution(65236)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65236" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-2011-0572, CVE-2011-0574, CVE-2011-0578, CVE-2011-0607, and CVE-2011-0608." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2011-0348", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0348" + }, + { + "name": "1025055", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025055" + }, + { + "name": "player-unspec-code-execution(65236)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65236" + }, + { + "name": "oval:org.mitre.oval:def:16262", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16262" + }, + { + "name": "ADV-2011-0646", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0646" + }, + { + "name": "43267", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43267" + }, + { + "name": "43292", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43292" + }, + { + "name": "43351", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43351" + }, + { + "name": "43340", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43340" + }, + { + "name": "ADV-2011-0383", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0383" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb11-02.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb11-02.html" + }, + { + "name": "oval:org.mitre.oval:def:14172", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14172" + }, + { + "name": "70917", + "refsource": "OSVDB", + "url": "http://osvdb.org/70917" + }, + { + "name": "43747", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43747" + }, + { + "name": "ADV-2011-0402", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0402" + }, + { + "name": "RHSA-2011:0259", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0259.html" + }, + { + "name": "46192", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46192" + }, + { + "name": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash2", + "refsource": "CONFIRM", + "url": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash2" + }, + { + "name": "RHSA-2011:0206", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0206.html" + }, + { + "name": "SUSE-SA:2011:009", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00003.html" + }, + { + "name": "RHSA-2011:0368", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0368.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0624.json b/2011/0xxx/CVE-2011-0624.json index 1608a6bf1ef..1ced76ec3d6 100644 --- a/2011/0xxx/CVE-2011-0624.json +++ b/2011/0xxx/CVE-2011-0624.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0624", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors, related to a \"bounds checking\" issue, a different vulnerability than CVE-2011-0623, CVE-2011-0625, and CVE-2011-0626." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2011-0624", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb11-12.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb11-12.html" - }, - { - "name" : "SUSE-SA:2011:025", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00006.html" - }, - { - "name" : "oval:org.mitre.oval:def:13924", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13924" - }, - { - "name" : "oval:org.mitre.oval:def:16010", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16010" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors, related to a \"bounds checking\" issue, a different vulnerability than CVE-2011-0623, CVE-2011-0625, and CVE-2011-0626." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:13924", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13924" + }, + { + "name": "oval:org.mitre.oval:def:16010", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16010" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb11-12.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb11-12.html" + }, + { + "name": "SUSE-SA:2011:025", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00006.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0769.json b/2011/0xxx/CVE-2011-0769.json index eed98a5f2b4..077f7b57e0d 100644 --- a/2011/0xxx/CVE-2011-0769.json +++ b/2011/0xxx/CVE-2011-0769.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0769", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0769", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0811.json b/2011/0xxx/CVE-2011-0811.json index 8155e6ca745..28c6dc805fd 100644 --- a/2011/0xxx/CVE-2011-0811.json +++ b/2011/0xxx/CVE-2011-0811.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0811", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Enterprise Config Management component in Oracle Database Server 10.1.0.5, 10.2.0.3, and 10.2.0.4, and Oracle Enterprise Manager Grid Control 10.1.0.6 and 10.2.0.5, allows local users to affect confidentiality via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2011-0811", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html" - }, - { - "name" : "TA11-201A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA11-201A.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Enterprise Config Management component in Oracle Database Server 10.1.0.5, 10.2.0.3, and 10.2.0.4, and Oracle Enterprise Manager Grid Control 10.1.0.6 and 10.2.0.5, allows local users to affect confidentiality via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA11-201A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA11-201A.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0815.json b/2011/0xxx/CVE-2011-0815.json index afdf625fee4..3737613bd10 100644 --- a/2011/0xxx/CVE-2011-0815.json +++ b/2011/0xxx/CVE-2011-0815.json @@ -1,177 +1,177 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0815", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to AWT." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2011-0815", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/javacpujune2011-313339.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/javacpujune2011-313339.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html" - }, - { - "name" : "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-015/index.html", - "refsource" : "CONFIRM", - "url" : "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-015/index.html" - }, - { - "name" : "http://www.ibm.com/developerworks/java/jdk/alerts/", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/developerworks/java/jdk/alerts/" - }, - { - "name" : "GLSA-201406-32", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml" - }, - { - "name" : "HPSBUX02697", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=132439520301822&w=2" - }, - { - "name" : "SSRT100591", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=132439520301822&w=2" - }, - { - "name" : "HPSBMU02797", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134254957702612&w=2" - }, - { - "name" : "HPSBUX02777", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=133728004526190&w=2" - }, - { - "name" : "SSRT100854", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=133728004526190&w=2" - }, - { - "name" : "SSRT100867", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134254957702612&w=2" - }, - { - "name" : "HPSBMU02799", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134254866602253&w=2" - }, - { - "name" : "SUSE-SA:2011:032", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00002.html" - }, - { - "name" : "SUSE-SA:2011:030", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00003.html" - }, - { - "name" : "SUSE-SA:2011:036", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00022.html" - }, - { - "name" : "SUSE-SU-2011:0807", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00009.html" - }, - { - "name" : "SUSE-SU-2011:0863", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00001.html" - }, - { - "name" : "SUSE-SU-2011:0966", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00025.html" - }, - { - "name" : "openSUSE-SU-2011:0633", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-06/msg00003.html" - }, - { - "name" : "TA11-201A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA11-201A.html" - }, - { - "name" : "oval:org.mitre.oval:def:14335", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14335" - }, - { - "name" : "oval:org.mitre.oval:def:14896", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14896" - }, - { - "name" : "44930", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44930" - }, - { - "name" : "49198", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49198" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to AWT." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-015/index.html", + "refsource": "CONFIRM", + "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-015/index.html" + }, + { + "name": "SUSE-SU-2011:0863", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00001.html" + }, + { + "name": "GLSA-201406-32", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" + }, + { + "name": "HPSBMU02799", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134254866602253&w=2" + }, + { + "name": "TA11-201A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA11-201A.html" + }, + { + "name": "SUSE-SA:2011:036", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00022.html" + }, + { + "name": "SUSE-SA:2011:032", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00002.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/javacpujune2011-313339.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/javacpujune2011-313339.html" + }, + { + "name": "SUSE-SU-2011:0966", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00025.html" + }, + { + "name": "44930", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44930" + }, + { + "name": "SUSE-SA:2011:030", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00003.html" + }, + { + "name": "SSRT100591", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=132439520301822&w=2" + }, + { + "name": "SSRT100867", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134254957702612&w=2" + }, + { + "name": "49198", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49198" + }, + { + "name": "oval:org.mitre.oval:def:14335", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14335" + }, + { + "name": "SUSE-SU-2011:0807", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00009.html" + }, + { + "name": "openSUSE-SU-2011:0633", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-06/msg00003.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html" + }, + { + "name": "HPSBUX02777", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=133728004526190&w=2" + }, + { + "name": "oval:org.mitre.oval:def:14896", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14896" + }, + { + "name": "HPSBUX02697", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=132439520301822&w=2" + }, + { + "name": "SSRT100854", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=133728004526190&w=2" + }, + { + "name": "HPSBMU02797", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134254957702612&w=2" + }, + { + "name": "http://www.ibm.com/developerworks/java/jdk/alerts/", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/developerworks/java/jdk/alerts/" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1420.json b/2011/1xxx/CVE-2011-1420.json index aa2888d0688..1f26cd875ee 100644 --- a/2011/1xxx/CVE-2011-1420.json +++ b/2011/1xxx/CVE-2011-1420.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1420", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "EMC Data Protection Advisor Collector 5.7 and 5.7.1 on Solaris SPARC platforms uses weak permissions for unspecified files, which allows local users to gain privileges via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2011-1420", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110325 ESA-2011-010: EMC Data Protection Advisor Collector arbitrary code execution with elevated privileges vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/517179/100/0/threaded" - }, - { - "name" : "47036", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47036" - }, - { - "name" : "1025253", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1025253" - }, - { - "name" : "43893", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43893" - }, - { - "name" : "8169", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8169" - }, - { - "name" : "ADV-2011-0783", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0783" - }, - { - "name" : "emc-dataprotection-permissions-priv-esc(66323)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66323" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "EMC Data Protection Advisor Collector 5.7 and 5.7.1 on Solaris SPARC platforms uses weak permissions for unspecified files, which allows local users to gain privileges via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "47036", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47036" + }, + { + "name": "20110325 ESA-2011-010: EMC Data Protection Advisor Collector arbitrary code execution with elevated privileges vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/517179/100/0/threaded" + }, + { + "name": "8169", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8169" + }, + { + "name": "1025253", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1025253" + }, + { + "name": "emc-dataprotection-permissions-priv-esc(66323)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66323" + }, + { + "name": "ADV-2011-0783", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0783" + }, + { + "name": "43893", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43893" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1434.json b/2011/1xxx/CVE-2011-1434.json index 7cd6f49da68..7dbdf71181b 100644 --- a/2011/1xxx/CVE-2011-1434.json +++ b/2011/1xxx/CVE-2011-1434.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1434", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome before 11.0.696.57 does not ensure thread safety during handling of MIME data, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1434", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=71586", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=71586" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html" - }, - { - "name" : "oval:org.mitre.oval:def:14196", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14196" - }, - { - "name" : "chrome-thread-safety-code-exec(67141)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67141" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome before 11.0.696.57 does not ensure thread safety during handling of MIME data, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://code.google.com/p/chromium/issues/detail?id=71586", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=71586" + }, + { + "name": "oval:org.mitre.oval:def:14196", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14196" + }, + { + "name": "http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html" + }, + { + "name": "chrome-thread-safety-code-exec(67141)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67141" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1583.json b/2011/1xxx/CVE-2011-1583.json index 38f5f201aa7..d8d265add2f 100644 --- a/2011/1xxx/CVE-2011-1583.json +++ b/2011/1xxx/CVE-2011-1583.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1583", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple integer overflows in tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allow local users to cause a denial of service and possibly execute arbitrary code via a crafted paravirtualised guest kernel image that triggers (1) a buffer overflow during a decompression loop or (2) an out-of-bounds read in the loader involving unspecified length fields." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-1583", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[Xen-devel] 20110509 Re: Xen security advisory CVE-2011-1583 - pv kernel image validation", - "refsource" : "MLIST", - "url" : "http://lists.xensource.com/archives/html/xen-devel/2011-05/msg00491.html" - }, - { - "name" : "[Xen-devel] 20110509 Xen security advisory CVE-2011-1583 - pv kernel image validation", - "refsource" : "MLIST", - "url" : "http://lists.xensource.com/archives/html/xen-devel/2011-05/msg00483.html" - }, - { - "name" : "RHSA-2011:0496", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2011-0496.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple integer overflows in tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allow local users to cause a denial of service and possibly execute arbitrary code via a crafted paravirtualised guest kernel image that triggers (1) a buffer overflow during a decompression loop or (2) an out-of-bounds read in the loader involving unspecified length fields." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[Xen-devel] 20110509 Xen security advisory CVE-2011-1583 - pv kernel image validation", + "refsource": "MLIST", + "url": "http://lists.xensource.com/archives/html/xen-devel/2011-05/msg00483.html" + }, + { + "name": "RHSA-2011:0496", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2011-0496.html" + }, + { + "name": "[Xen-devel] 20110509 Re: Xen security advisory CVE-2011-1583 - pv kernel image validation", + "refsource": "MLIST", + "url": "http://lists.xensource.com/archives/html/xen-devel/2011-05/msg00491.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1667.json b/2011/1xxx/CVE-2011-1667.json index 26037af1313..9b7b03d1fd9 100644 --- a/2011/1xxx/CVE-2011-1667.json +++ b/2011/1xxx/CVE-2011-1667.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1667", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in Anzeigenmarkt 2011 allows remote attackers to execute arbitrary SQL commands via the q parameter in a list action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1667", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "17102", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/17102" - }, - { - "name" : "http://packetstormsecurity.org/files/view/100006/anzeigenmarkt-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/files/view/100006/anzeigenmarkt-sql.txt" - }, - { - "name" : "47136", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47136" - }, - { - "name" : "71463", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/71463" - }, - { - "name" : "44005", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44005" - }, - { - "name" : "8192", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8192" - }, - { - "name" : "anzeigenmarkt-index-sql-injection(66551)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66551" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in Anzeigenmarkt 2011 allows remote attackers to execute arbitrary SQL commands via the q parameter in a list action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.org/files/view/100006/anzeigenmarkt-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/files/view/100006/anzeigenmarkt-sql.txt" + }, + { + "name": "17102", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/17102" + }, + { + "name": "71463", + "refsource": "OSVDB", + "url": "http://osvdb.org/71463" + }, + { + "name": "anzeigenmarkt-index-sql-injection(66551)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66551" + }, + { + "name": "8192", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8192" + }, + { + "name": "47136", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47136" + }, + { + "name": "44005", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44005" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1911.json b/2011/1xxx/CVE-2011-1911.json index e5de3670d57..51fe925c4f7 100644 --- a/2011/1xxx/CVE-2011-1911.json +++ b/2011/1xxx/CVE-2011-1911.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1911", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "JasperServer in JasperReports Server Community Project 3.7.0 and 3.7.1 uses a predictable _flowExecutionKey parameter, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a brute-force approach." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2011-1911", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.csirtcv.gva.es/es/alertas/vulnerabilidad-en-jasperserver.html", - "refsource" : "MISC", - "url" : "http://www.csirtcv.gva.es/es/alertas/vulnerabilidad-en-jasperserver.html" - }, - { - "name" : "http://www.csirtcv.gva.es/sites/all/files/images/content/%5BCSIRT-cv%5D%20JasperServer%203.7.0%20CE%20CSRF%20Advisory.pdf", - "refsource" : "MISC", - "url" : "http://www.csirtcv.gva.es/sites/all/files/images/content/%5BCSIRT-cv%5D%20JasperServer%203.7.0%20CE%20CSRF%20Advisory.pdf" - }, - { - "name" : "http://www.kb.cert.org/vuls/id/MAPG-8ELLJC", - "refsource" : "CONFIRM", - "url" : "http://www.kb.cert.org/vuls/id/MAPG-8ELLJC" - }, - { - "name" : "VU#519588", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/519588" - }, - { - "name" : "49649", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/49649" - }, - { - "name" : "jasperreports-flowexecutionkey-csrf(69849)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/69849" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "JasperServer in JasperReports Server Community Project 3.7.0 and 3.7.1 uses a predictable _flowExecutionKey parameter, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a brute-force approach." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.csirtcv.gva.es/sites/all/files/images/content/%5BCSIRT-cv%5D%20JasperServer%203.7.0%20CE%20CSRF%20Advisory.pdf", + "refsource": "MISC", + "url": "http://www.csirtcv.gva.es/sites/all/files/images/content/%5BCSIRT-cv%5D%20JasperServer%203.7.0%20CE%20CSRF%20Advisory.pdf" + }, + { + "name": "http://www.csirtcv.gva.es/es/alertas/vulnerabilidad-en-jasperserver.html", + "refsource": "MISC", + "url": "http://www.csirtcv.gva.es/es/alertas/vulnerabilidad-en-jasperserver.html" + }, + { + "name": "jasperreports-flowexecutionkey-csrf(69849)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69849" + }, + { + "name": "VU#519588", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/519588" + }, + { + "name": "http://www.kb.cert.org/vuls/id/MAPG-8ELLJC", + "refsource": "CONFIRM", + "url": "http://www.kb.cert.org/vuls/id/MAPG-8ELLJC" + }, + { + "name": "49649", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/49649" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3065.json b/2011/3xxx/CVE-2011-3065.json index 83975f08f89..c67936e9b74 100644 --- a/2011/3xxx/CVE-2011-3065.json +++ b/2011/3xxx/CVE-2011-3065.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3065", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Skia, as used in Google Chrome before 18.0.1025.142, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3065", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=117588", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=117588" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2012/03/stable-channel-release-and-beta-channel.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2012/03/stable-channel-release-and-beta-channel.html" - }, - { - "name" : "52762", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52762" - }, - { - "name" : "80743", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/80743" - }, - { - "name" : "oval:org.mitre.oval:def:15415", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15415" - }, - { - "name" : "1026877", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026877" - }, - { - "name" : "48618", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48618" - }, - { - "name" : "48691", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48691" - }, - { - "name" : "48763", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48763" - }, - { - "name" : "google-skia-code-execution(74415)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74415" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Skia, as used in Google Chrome before 18.0.1025.142, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "google-skia-code-execution(74415)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74415" + }, + { + "name": "1026877", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026877" + }, + { + "name": "48618", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48618" + }, + { + "name": "48691", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48691" + }, + { + "name": "oval:org.mitre.oval:def:15415", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15415" + }, + { + "name": "http://googlechromereleases.blogspot.com/2012/03/stable-channel-release-and-beta-channel.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2012/03/stable-channel-release-and-beta-channel.html" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=117588", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=117588" + }, + { + "name": "52762", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52762" + }, + { + "name": "80743", + "refsource": "OSVDB", + "url": "http://osvdb.org/80743" + }, + { + "name": "48763", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48763" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3592.json b/2011/3xxx/CVE-2011-3592.json index 25a9071b325..bc3a09b1c8e 100644 --- a/2011/3xxx/CVE-2011-3592.json +++ b/2011/3xxx/CVE-2011-3592.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3592", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the PMA_unInlineEditRow function in js/sql.js in phpMyAdmin 3.4.x before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via a (1) database name, (2) table name, or (3) column name that is not properly handled after an inline-editing operation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-3592", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110930 Re: CVE Request --- phpMyAdmin -- Multiple XSS flaws in versions v3.4.0 to v3.4.4 (PMASA-2011-14)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/09/30/8" - }, - { - "name" : "http://www.phpmyadmin.net/home_page/security/PMASA-2011-14.php", - "refsource" : "CONFIRM", - "url" : "http://www.phpmyadmin.net/home_page/security/PMASA-2011-14.php" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=738681", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=738681" - }, - { - "name" : "https://github.com/phpmyadmin/phpmyadmin/commit/2f28ce9c800274190418da0945ce3647d36e1db6", - "refsource" : "CONFIRM", - "url" : "https://github.com/phpmyadmin/phpmyadmin/commit/2f28ce9c800274190418da0945ce3647d36e1db6" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the PMA_unInlineEditRow function in js/sql.js in phpMyAdmin 3.4.x before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via a (1) database name, (2) table name, or (3) column name that is not properly handled after an inline-editing operation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/phpmyadmin/phpmyadmin/commit/2f28ce9c800274190418da0945ce3647d36e1db6", + "refsource": "CONFIRM", + "url": "https://github.com/phpmyadmin/phpmyadmin/commit/2f28ce9c800274190418da0945ce3647d36e1db6" + }, + { + "name": "[oss-security] 20110930 Re: CVE Request --- phpMyAdmin -- Multiple XSS flaws in versions v3.4.0 to v3.4.4 (PMASA-2011-14)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/09/30/8" + }, + { + "name": "http://www.phpmyadmin.net/home_page/security/PMASA-2011-14.php", + "refsource": "CONFIRM", + "url": "http://www.phpmyadmin.net/home_page/security/PMASA-2011-14.php" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=738681", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=738681" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4065.json b/2011/4xxx/CVE-2011-4065.json index 26175656a0c..d4af6957eb9 100644 --- a/2011/4xxx/CVE-2011-4065.json +++ b/2011/4xxx/CVE-2011-4065.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4065", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4065", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4236.json b/2011/4xxx/CVE-2011-4236.json index 214a9475d60..c0ce24b0062 100644 --- a/2011/4xxx/CVE-2011-4236.json +++ b/2011/4xxx/CVE-2011-4236.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4236", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4236", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4591.json b/2011/4xxx/CVE-2011-4591.json index 943c6a5ed07..c540e72ad27 100644 --- a/2011/4xxx/CVE-2011-4591.json +++ b/2011/4xxx/CVE-2011-4591.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4591", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the print_object function in lib/datalib.php in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3, when a developer debugging script is enabled, allows remote attackers to inject arbitrary web script or HTML via vectors involving object states." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-4591", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.moodle.org/gw?p=moodle.git;a=commit;h=187672608ec96659e07f2461b3b83634debd16cb", - "refsource" : "CONFIRM", - "url" : "http://git.moodle.org/gw?p=moodle.git;a=commit;h=187672608ec96659e07f2461b3b83634debd16cb" - }, - { - "name" : "http://moodle.org/mod/forum/discuss.php?d=191760", - "refsource" : "CONFIRM", - "url" : "http://moodle.org/mod/forum/discuss.php?d=191760" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=761248", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=761248" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the print_object function in lib/datalib.php in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3, when a developer debugging script is enabled, allows remote attackers to inject arbitrary web script or HTML via vectors involving object states." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=761248", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=761248" + }, + { + "name": "http://moodle.org/mod/forum/discuss.php?d=191760", + "refsource": "CONFIRM", + "url": "http://moodle.org/mod/forum/discuss.php?d=191760" + }, + { + "name": "http://git.moodle.org/gw?p=moodle.git;a=commit;h=187672608ec96659e07f2461b3b83634debd16cb", + "refsource": "CONFIRM", + "url": "http://git.moodle.org/gw?p=moodle.git;a=commit;h=187672608ec96659e07f2461b3b83634debd16cb" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4648.json b/2011/4xxx/CVE-2011-4648.json index 0aaafbc86ec..71b1100d472 100644 --- a/2011/4xxx/CVE-2011-4648.json +++ b/2011/4xxx/CVE-2011-4648.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4648", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4648", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4924.json b/2011/4xxx/CVE-2011-4924.json index 5a86dcec775..9ce81db715d 100644 --- a/2011/4xxx/CVE-2011-4924.json +++ b/2011/4xxx/CVE-2011-4924.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4924", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4924", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5377.json b/2013/5xxx/CVE-2013-5377.json index 268e3d08c0a..5bc8e1b91a8 100644 --- a/2013/5xxx/CVE-2013-5377.json +++ b/2013/5xxx/CVE-2013-5377.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5377", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5377", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5907.json b/2013/5xxx/CVE-2013-5907.json index 315bae92b81..dad82515af7 100644 --- a/2013/5xxx/CVE-2013-5907.json +++ b/2013/5xxx/CVE-2013-5907.json @@ -1,222 +1,222 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5907", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is due to incorrect input validation in LookupProcessor.cpp in the ICU Layout Engine, which allows attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted font file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-5907", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/9d29c19f1de1", - "refsource" : "MISC", - "url" : "http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/9d29c19f1de1" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1052915", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1052915" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777" - }, - { - "name" : "HPSBUX02972", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=139402697611681&w=2" - }, - { - "name" : "HPSBUX02973", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=139402749111889&w=2" - }, - { - "name" : "SSRT101454", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=139402697611681&w=2" - }, - { - "name" : "SSRT101455", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=139402749111889&w=2" - }, - { - "name" : "RHSA-2014:0026", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0026.html" - }, - { - "name" : "RHSA-2014:0027", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0027.html" - }, - { - "name" : "RHSA-2014:0097", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0097.html" - }, - { - "name" : "RHSA-2014:0136", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0136.html" - }, - { - "name" : "RHSA-2014:0030", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0030.html" - }, - { - "name" : "RHSA-2014:0134", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0134.html" - }, - { - "name" : "RHSA-2014:0135", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0135.html" - }, - { - "name" : "RHSA-2014:0414", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2014:0414" - }, - { - "name" : "openSUSE-SU-2014:0174", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-01/msg00105.html" - }, - { - "name" : "SUSE-SU-2014:0246", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00009.html" - }, - { - "name" : "SUSE-SU-2014:0266", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00012.html" - }, - { - "name" : "openSUSE-SU-2014:0177", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-01/msg00107.html" - }, - { - "name" : "openSUSE-SU-2014:0180", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-02/msg00000.html" - }, - { - "name" : "SUSE-SU-2014:0451", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00024.html" - }, - { - "name" : "USN-2089-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2089-1" - }, - { - "name" : "USN-2124-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2124-1" - }, - { - "name" : "64758", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64758" - }, - { - "name" : "64894", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64894" - }, - { - "name" : "101995", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/101995" - }, - { - "name" : "1029608", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029608" - }, - { - "name" : "56432", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56432" - }, - { - "name" : "56485", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56485" - }, - { - "name" : "56486", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56486" - }, - { - "name" : "56487", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56487" - }, - { - "name" : "56535", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56535" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is due to incorrect input validation in LookupProcessor.cpp in the ICU Layout Engine, which allows attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted font file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "56432", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56432" + }, + { + "name": "RHSA-2014:0414", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2014:0414" + }, + { + "name": "RHSA-2014:0136", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0136.html" + }, + { + "name": "openSUSE-SU-2014:0174", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00105.html" + }, + { + "name": "SSRT101455", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=139402749111889&w=2" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1052915", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1052915" + }, + { + "name": "RHSA-2014:0135", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0135.html" + }, + { + "name": "56535", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56535" + }, + { + "name": "USN-2089-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2089-1" + }, + { + "name": "101995", + "refsource": "OSVDB", + "url": "http://osvdb.org/101995" + }, + { + "name": "RHSA-2014:0030", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0030.html" + }, + { + "name": "64894", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64894" + }, + { + "name": "RHSA-2014:0097", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0097.html" + }, + { + "name": "56485", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56485" + }, + { + "name": "SSRT101454", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=139402697611681&w=2" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777" + }, + { + "name": "http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/9d29c19f1de1", + "refsource": "MISC", + "url": "http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/9d29c19f1de1" + }, + { + "name": "HPSBUX02972", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=139402697611681&w=2" + }, + { + "name": "RHSA-2014:0027", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0027.html" + }, + { + "name": "56486", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56486" + }, + { + "name": "SUSE-SU-2014:0451", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00024.html" + }, + { + "name": "HPSBUX02973", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=139402749111889&w=2" + }, + { + "name": "1029608", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029608" + }, + { + "name": "USN-2124-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2124-1" + }, + { + "name": "56487", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56487" + }, + { + "name": "SUSE-SU-2014:0266", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00012.html" + }, + { + "name": "RHSA-2014:0026", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0026.html" + }, + { + "name": "64758", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64758" + }, + { + "name": "SUSE-SU-2014:0246", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00009.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html" + }, + { + "name": "RHSA-2014:0134", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0134.html" + }, + { + "name": "openSUSE-SU-2014:0180", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00000.html" + }, + { + "name": "openSUSE-SU-2014:0177", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00107.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2469.json b/2014/2xxx/CVE-2014-2469.json index b3c6d9b9b91..277f7fccfa5 100644 --- a/2014/2xxx/CVE-2014-2469.json +++ b/2014/2xxx/CVE-2014-2469.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2469", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in lighttpd in Oracle Solaris 11.1 allows attackers to cause a denial of service via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-2469", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blogs.oracle.com/sunsecurity/entry/cve_2014_2469_denial_of", - "refsource" : "CONFIRM", - "url" : "https://blogs.oracle.com/sunsecurity/entry/cve_2014_2469_denial_of" - }, - { - "name" : "66599", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/66599" - }, - { - "name" : "105298", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/105298" - }, - { - "name" : "1029999", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1029999" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in lighttpd in Oracle Solaris 11.1 allows attackers to cause a denial of service via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1029999", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1029999" + }, + { + "name": "105298", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/105298" + }, + { + "name": "66599", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/66599" + }, + { + "name": "https://blogs.oracle.com/sunsecurity/entry/cve_2014_2469_denial_of", + "refsource": "CONFIRM", + "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2014_2469_denial_of" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6098.json b/2014/6xxx/CVE-2014-6098.json index bb2615774a2..974396cadba 100644 --- a/2014/6xxx/CVE-2014-6098.json +++ b/2014/6xxx/CVE-2014-6098.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6098", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to discover cleartext passwords via a crafted request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-6098", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21689779", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21689779" - }, - { - "name" : "IV66496", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66496" - }, - { - "name" : "IV66624", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66624" - }, - { - "name" : "IV66635", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66635" - }, - { - "name" : "IV66637", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66637" - }, - { - "name" : "IV66642", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66642" - }, - { - "name" : "IV66645", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66645" - }, - { - "name" : "62363", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62363" - }, - { - "name" : "ibm-sim-cve20146098-info-disc(95961)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95961" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to discover cleartext passwords via a crafted request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "IV66624", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66624" + }, + { + "name": "IV66642", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66642" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21689779", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21689779" + }, + { + "name": "IV66635", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66635" + }, + { + "name": "IV66496", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66496" + }, + { + "name": "ibm-sim-cve20146098-info-disc(95961)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95961" + }, + { + "name": "62363", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62363" + }, + { + "name": "IV66637", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66637" + }, + { + "name": "IV66645", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66645" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6180.json b/2014/6xxx/CVE-2014-6180.json index 85d318c393b..1ac6dbb14b8 100644 --- a/2014/6xxx/CVE-2014-6180.json +++ b/2014/6xxx/CVE-2014-6180.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6180", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Service Registry and Repository (WSRR) 7.0.x before 7.0.0.5 and 7.5.x before 7.5.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the HTTP User-Agent header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-6180", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21693381", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21693381" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21693384", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21693384" - }, - { - "name" : "IV01657", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV01657" - }, - { - "name" : "ibm-wsrr-cve20146180-xss(98515)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98515" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Service Registry and Repository (WSRR) 7.0.x before 7.0.0.5 and 7.5.x before 7.5.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the HTTP User-Agent header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21693384", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21693384" + }, + { + "name": "IV01657", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV01657" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21693381", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21693381" + }, + { + "name": "ibm-wsrr-cve20146180-xss(98515)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98515" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6555.json b/2014/6xxx/CVE-2014-6555.json index 0ee6b809573..4067efb08db 100644 --- a/2014/6xxx/CVE-2014-6555.json +++ b/2014/6xxx/CVE-2014-6555.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6555", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-6555", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" - }, - { - "name" : "GLSA-201411-02", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201411-02.xml" - }, - { - "name" : "SUSE-SU-2015:0743", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html" - }, - { - "name" : "70530", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70530" - }, - { - "name" : "61579", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61579" - }, - { - "name" : "62073", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62073" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "62073", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62073" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "SUSE-SU-2015:0743", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html" + }, + { + "name": "70530", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70530" + }, + { + "name": "GLSA-201411-02", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201411-02.xml" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" + }, + { + "name": "61579", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61579" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7226.json b/2014/7xxx/CVE-2014-7226.json index 5bf621befe6..1a34cf331c9 100644 --- a/2014/7xxx/CVE-2014-7226.json +++ b/2014/7xxx/CVE-2014-7226.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7226", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The file comment feature in Rejetto HTTP File Server (hfs) 2.3c and earlier allows remote attackers to execute arbitrary code by uploading a file with certain invalid UTF-8 byte sequences that are interpreted as executable macro symbols." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-7226", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "34852", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/34852" - }, - { - "name" : "http://packetstormsecurity.com/files/128532/HTTP-File-Server-2.3a-2.3b-2.3c-Remote-Command-Execution.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/128532/HTTP-File-Server-2.3a-2.3b-2.3c-Remote-Command-Execution.html" - }, - { - "name" : "http://www.rejetto.com/forum/hfs-~-http-file-server/new-version-2-3d/", - "refsource" : "CONFIRM", - "url" : "http://www.rejetto.com/forum/hfs-~-http-file-server/new-version-2-3d/" - }, - { - "name" : "70216", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70216" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The file comment feature in Rejetto HTTP File Server (hfs) 2.3c and earlier allows remote attackers to execute arbitrary code by uploading a file with certain invalid UTF-8 byte sequences that are interpreted as executable macro symbols." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "70216", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70216" + }, + { + "name": "http://packetstormsecurity.com/files/128532/HTTP-File-Server-2.3a-2.3b-2.3c-Remote-Command-Execution.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/128532/HTTP-File-Server-2.3a-2.3b-2.3c-Remote-Command-Execution.html" + }, + { + "name": "34852", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/34852" + }, + { + "name": "http://www.rejetto.com/forum/hfs-~-http-file-server/new-version-2-3d/", + "refsource": "CONFIRM", + "url": "http://www.rejetto.com/forum/hfs-~-http-file-server/new-version-2-3d/" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7240.json b/2014/7xxx/CVE-2014-7240.json index a15fe5ed182..2d180ee2f91 100644 --- a/2014/7xxx/CVE-2014-7240.json +++ b/2014/7xxx/CVE-2014-7240.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7240", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Easy Contact Form Solution plugin before 1.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the value parameter in a master_response action to wp-admin/admin-ajax.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-7240", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://g0blin.co.uk/cve-2014-7240/", - "refsource" : "MISC", - "url" : "https://g0blin.co.uk/cve-2014-7240/" - }, - { - "name" : "https://wpvulndb.com/vulnerabilities/8234", - "refsource" : "MISC", - "url" : "https://wpvulndb.com/vulnerabilities/8234" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Easy Contact Form Solution plugin before 1.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the value parameter in a master_response action to wp-admin/admin-ajax.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://g0blin.co.uk/cve-2014-7240/", + "refsource": "MISC", + "url": "https://g0blin.co.uk/cve-2014-7240/" + }, + { + "name": "https://wpvulndb.com/vulnerabilities/8234", + "refsource": "MISC", + "url": "https://wpvulndb.com/vulnerabilities/8234" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7793.json b/2014/7xxx/CVE-2014-7793.json index 1b99228a1cf..c7843e91cdd 100644 --- a/2014/7xxx/CVE-2014-7793.json +++ b/2014/7xxx/CVE-2014-7793.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7793", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The CB - Calciatori Brutti (aka com.calciatori.brutti) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7793", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#747321", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/747321" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The CB - Calciatori Brutti (aka com.calciatori.brutti) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#747321", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/747321" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0060.json b/2017/0xxx/CVE-2017-0060.json index 262df8b7c83..a32afd1745f 100644 --- a/2017/0xxx/CVE-2017-0060.json +++ b/2017/0xxx/CVE-2017-0060.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-0060", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows GDI+", - "version" : { - "version_data" : [ - { - "version_value" : "The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka \"GDI+ Information Disclosure Vulnerability.\" This vulnerability is different from those described in CVE-2017-0060 and CVE-2017-0062." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-0060", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows GDI+", + "version": { + "version_data": [ + { + "version_value": "The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "41656", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/41656/" - }, - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0060", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0060" - }, - { - "name" : "96713", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96713" - }, - { - "name" : "1038002", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038002" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka \"GDI+ Information Disclosure Vulnerability.\" This vulnerability is different from those described in CVE-2017-0060 and CVE-2017-0062." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96713", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96713" + }, + { + "name": "41656", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/41656/" + }, + { + "name": "1038002", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038002" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0060", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0060" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0521.json b/2017/0xxx/CVE-2017-0521.json index c7d29d51249..adf02540265 100644 --- a/2017/0xxx/CVE-2017-0521.json +++ b/2017/0xxx/CVE-2017-0521.json @@ -1,80 +1,80 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-0521", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Kernel-3.10" - }, - { - "version_value" : "Kernel-3.18" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in the Qualcomm camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32919951. References: QC-CR#1097709." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2017-0521", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Kernel-3.10" + }, + { + "version_value": "Kernel-3.18" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-03-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-03-01" - }, - { - "name" : "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=dbe4f26f200db10deaf38676b96d8738afcc10c8", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=dbe4f26f200db10deaf38676b96d8738afcc10c8" - }, - { - "name" : "96951", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96951" - }, - { - "name" : "1037968", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037968" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in the Qualcomm camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32919951. References: QC-CR#1097709." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-03-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-03-01" + }, + { + "name": "1037968", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037968" + }, + { + "name": "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=dbe4f26f200db10deaf38676b96d8738afcc10c8", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=dbe4f26f200db10deaf38676b96d8738afcc10c8" + }, + { + "name": "96951", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96951" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0915.json b/2017/0xxx/CVE-2017-0915.json index b388af4616b..27d6d17b7a0 100644 --- a/2017/0xxx/CVE-2017-0915.json +++ b/2017/0xxx/CVE-2017-0915.json @@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "ID" : "CVE-2017-0915", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "GitLab Community and Enterprise Editions", - "version" : { - "version_data" : [ - { - "version_value" : "8.9 - 10.1.5 Fixed in 10.1.6" - }, - { - "version_value" : "10.2.0 - 10.2.5 Fixed in 10.2.6" - }, - { - "version_value" : "10.3.0 - 10.3.3 Fixed in 10.3.4" - } - ] - } - } - ] - }, - "vendor_name" : "GitLab" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Gitlab Community Edition version 10.2.4 is vulnerable to a lack of input validation in the GitlabProjectsImportService resulting in remote code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Neutralization of Special Elements used in a Command ('Command Injection') (CWE-77)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "ID": "CVE-2017-0915", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "GitLab Community and Enterprise Editions", + "version": { + "version_data": [ + { + "version_value": "8.9 - 10.1.5 Fixed in 10.1.6" + }, + { + "version_value": "10.2.0 - 10.2.5 Fixed in 10.2.6" + }, + { + "version_value": "10.3.0 - 10.3.3 Fixed in 10.3.4" + } + ] + } + } + ] + }, + "vendor_name": "GitLab" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://hackerone.com/reports/298873", - "refsource" : "MISC", - "url" : "https://hackerone.com/reports/298873" - }, - { - "name" : "https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/", - "refsource" : "CONFIRM", - "url" : "https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/" - }, - { - "name" : "DSA-4145", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4145" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Gitlab Community Edition version 10.2.4 is vulnerable to a lack of input validation in the GitlabProjectsImportService resulting in remote code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Neutralization of Special Elements used in a Command ('Command Injection') (CWE-77)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-4145", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4145" + }, + { + "name": "https://hackerone.com/reports/298873", + "refsource": "MISC", + "url": "https://hackerone.com/reports/298873" + }, + { + "name": "https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/", + "refsource": "CONFIRM", + "url": "https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0916.json b/2017/0xxx/CVE-2017-0916.json index 6e8111a5a59..0085f70583a 100644 --- a/2017/0xxx/CVE-2017-0916.json +++ b/2017/0xxx/CVE-2017-0916.json @@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "ID" : "CVE-2017-0916", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "GitLab Community and Enterprise Editions", - "version" : { - "version_data" : [ - { - "version_value" : "9.1.0 - 10.1.5 Fixed in 10.1.6" - }, - { - "version_value" : "10.2.0 - 10.2.5 Fixed in 10.2.6" - }, - { - "version_value" : "10.3.0 - 10.3.3 Fixed in 10.3.4" - } - ] - } - } - ] - }, - "vendor_name" : "GitLab" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Gitlab Community Edition version 10.3 is vulnerable to a lack of input validation in the system_hook_push queue through web hook component resulting in remote code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Neutralization of Special Elements used in a Command ('Command Injection') (CWE-77)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "ID": "CVE-2017-0916", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "GitLab Community and Enterprise Editions", + "version": { + "version_data": [ + { + "version_value": "9.1.0 - 10.1.5 Fixed in 10.1.6" + }, + { + "version_value": "10.2.0 - 10.2.5 Fixed in 10.2.6" + }, + { + "version_value": "10.3.0 - 10.3.3 Fixed in 10.3.4" + } + ] + } + } + ] + }, + "vendor_name": "GitLab" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://hackerone.com/reports/299473", - "refsource" : "MISC", - "url" : "https://hackerone.com/reports/299473" - }, - { - "name" : "https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/", - "refsource" : "CONFIRM", - "url" : "https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/" - }, - { - "name" : "DSA-4145", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4145" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Gitlab Community Edition version 10.3 is vulnerable to a lack of input validation in the system_hook_push queue through web hook component resulting in remote code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Neutralization of Special Elements used in a Command ('Command Injection') (CWE-77)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-4145", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4145" + }, + { + "name": "https://hackerone.com/reports/299473", + "refsource": "MISC", + "url": "https://hackerone.com/reports/299473" + }, + { + "name": "https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/", + "refsource": "CONFIRM", + "url": "https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18036.json b/2017/18xxx/CVE-2017-18036.json index 876d87cf2b4..cab208d2461 100644 --- a/2017/18xxx/CVE-2017-18036.json +++ b/2017/18xxx/CVE-2017-18036.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@atlassian.com", - "DATE_PUBLIC" : "2017-02-02T00:00:00", - "ID" : "CVE-2017-18036", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Bitbucket Server", - "version" : { - "version_data" : [ - { - "version_value" : "prior to 5.3.0" - } - ] - } - } - ] - }, - "vendor_name" : "Atlassian" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Github repository importer in Atlassian Bitbucket Server before version 5.3.0 allows remote attackers to determine if a service they could not otherwise reach has open ports via a Server Side Request Forgery (SSRF) vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Server Side Request Forgery (CWE-918)" - } + "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2017-02-02T00:00:00", + "ID": "CVE-2017-18036", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Bitbucket Server", + "version": { + "version_data": [ + { + "version_value": "prior to 5.3.0" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jira.atlassian.com/browse/BSERV-10591", - "refsource" : "CONFIRM", - "url" : "https://jira.atlassian.com/browse/BSERV-10591" - }, - { - "name" : "102932", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102932" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Github repository importer in Atlassian Bitbucket Server before version 5.3.0 allows remote attackers to determine if a service they could not otherwise reach has open ports via a Server Side Request Forgery (SSRF) vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Server Side Request Forgery (CWE-918)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jira.atlassian.com/browse/BSERV-10591", + "refsource": "CONFIRM", + "url": "https://jira.atlassian.com/browse/BSERV-10591" + }, + { + "name": "102932", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102932" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18073.json b/2017/18xxx/CVE-2017-18073.json index 52a79bca63d..ee762d19b27 100644 --- a/2017/18xxx/CVE-2017-18073.json +++ b/2017/18xxx/CVE-2017-18073.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-04-02T00:00:00", - "ID" : "CVE-2017-18073", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear", - "version" : { - "version_data" : [ - { - "version_value" : "MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 820, SD 820A, SD 835" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 820, SD 820A, SD 835, the HLOS can gain access to unauthorized memory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Input Validation in TrustZone" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-04-02T00:00:00", + "ID": "CVE-2017-18073", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear", + "version": { + "version_data": [ + { + "version_value": "MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 820, SD 820A, SD 835" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-04-01" - }, - { - "name" : "103671", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103671" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 820, SD 820A, SD 835, the HLOS can gain access to unauthorized memory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Input Validation in TrustZone" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2018-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-04-01" + }, + { + "name": "103671", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103671" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1051.json b/2017/1xxx/CVE-2017-1051.json index 91814750dfb..752b7950b4b 100644 --- a/2017/1xxx/CVE-2017-1051.json +++ b/2017/1xxx/CVE-2017-1051.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1051", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1051", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1058.json b/2017/1xxx/CVE-2017-1058.json index d0782da45b1..bc414861ba4 100644 --- a/2017/1xxx/CVE-2017-1058.json +++ b/2017/1xxx/CVE-2017-1058.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1058", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1058", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1917.json b/2017/1xxx/CVE-2017-1917.json index ed848aa94e0..b80dca9d230 100644 --- a/2017/1xxx/CVE-2017-1917.json +++ b/2017/1xxx/CVE-2017-1917.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1917", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-1917", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1990.json b/2017/1xxx/CVE-2017-1990.json index dc8f436668a..e2c5ad3a705 100644 --- a/2017/1xxx/CVE-2017-1990.json +++ b/2017/1xxx/CVE-2017-1990.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1990", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-1990", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5572.json b/2017/5xxx/CVE-2017-5572.json index 89068013bbb..669b0029fd8 100644 --- a/2017/5xxx/CVE-2017-5572.json +++ b/2017/5xxx/CVE-2017-5572.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5572", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Linux Foundation xapi in Citrix XenServer through 7.0. An authenticated read-only administrator can corrupt the host database." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5572", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.citrix.com/article/CTX220112", - "refsource" : "CONFIRM", - "url" : "https://support.citrix.com/article/CTX220112" - }, - { - "name" : "95801", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95801" - }, - { - "name" : "1037716", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037716" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Linux Foundation xapi in Citrix XenServer through 7.0. An authenticated read-only administrator can corrupt the host database." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95801", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95801" + }, + { + "name": "https://support.citrix.com/article/CTX220112", + "refsource": "CONFIRM", + "url": "https://support.citrix.com/article/CTX220112" + }, + { + "name": "1037716", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037716" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5847.json b/2017/5xxx/CVE-2017-5847.json index 808b4c79483..16faffed45b 100644 --- a/2017/5xxx/CVE-2017-5847.json +++ b/2017/5xxx/CVE-2017-5847.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5847", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The gst_asf_demux_process_ext_content_desc function in gst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving extended content descriptors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5847", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20170201 Multiple memory access issues in gstreamer", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/02/01/7" - }, - { - "name" : "[oss-security] 20170202 Re: Multiple memory access issues in gstreamer", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/02/02/9" - }, - { - "name" : "https://bugzilla.gnome.org/show_bug.cgi?id=777955#c3", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.gnome.org/show_bug.cgi?id=777955#c3" - }, - { - "name" : "https://github.com/GStreamer/gst-plugins-ugly/commit/d21017b52a585f145e8d62781bcc1c5fefc7ee37", - "refsource" : "CONFIRM", - "url" : "https://github.com/GStreamer/gst-plugins-ugly/commit/d21017b52a585f145e8d62781bcc1c5fefc7ee37" - }, - { - "name" : "DSA-3821", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3821" - }, - { - "name" : "GLSA-201705-10", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201705-10" - }, - { - "name" : "96001", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96001" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The gst_asf_demux_process_ext_content_desc function in gst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving extended content descriptors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/GStreamer/gst-plugins-ugly/commit/d21017b52a585f145e8d62781bcc1c5fefc7ee37", + "refsource": "CONFIRM", + "url": "https://github.com/GStreamer/gst-plugins-ugly/commit/d21017b52a585f145e8d62781bcc1c5fefc7ee37" + }, + { + "name": "https://bugzilla.gnome.org/show_bug.cgi?id=777955#c3", + "refsource": "CONFIRM", + "url": "https://bugzilla.gnome.org/show_bug.cgi?id=777955#c3" + }, + { + "name": "96001", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96001" + }, + { + "name": "DSA-3821", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3821" + }, + { + "name": "[oss-security] 20170202 Re: Multiple memory access issues in gstreamer", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/02/02/9" + }, + { + "name": "GLSA-201705-10", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201705-10" + }, + { + "name": "[oss-security] 20170201 Multiple memory access issues in gstreamer", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/02/01/7" + } + ] + } +} \ No newline at end of file