diff --git a/2006/0xxx/CVE-2006-0166.json b/2006/0xxx/CVE-2006-0166.json index bfbdb53eb38..0e417159040 100644 --- a/2006/0xxx/CVE-2006-0166.json +++ b/2006/0xxx/CVE-2006-0166.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0166", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Symantec Norton SystemWorks and SystemWorks Premier 2005 and 2006 stores temporary copies of files in the Norton Protected Recycle Bin NProtect directory, which is hidden from the FindFirst and FindNext Windows APIs and allows remote attackers to hide arbitrary files from virus scanners and other products." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0166", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://securityresponse.symantec.com/avcenter/security/Content/2006.01.10.html", - "refsource" : "CONFIRM", - "url" : "http://securityresponse.symantec.com/avcenter/security/Content/2006.01.10.html" - }, - { - "name" : "ADV-2006-0143", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0143" - }, - { - "name" : "1015462", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015462" - }, - { - "name" : "18402", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18402" - }, - { - "name" : "systemworks-nprotect-hidden(24061)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24061" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Symantec Norton SystemWorks and SystemWorks Premier 2005 and 2006 stores temporary copies of files in the Norton Protected Recycle Bin NProtect directory, which is hidden from the FindFirst and FindNext Windows APIs and allows remote attackers to hide arbitrary files from virus scanners and other products." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-0143", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0143" + }, + { + "name": "http://securityresponse.symantec.com/avcenter/security/Content/2006.01.10.html", + "refsource": "CONFIRM", + "url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.01.10.html" + }, + { + "name": "systemworks-nprotect-hidden(24061)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24061" + }, + { + "name": "18402", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18402" + }, + { + "name": "1015462", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015462" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0437.json b/2006/0xxx/CVE-2006-0437.json index 6aa89d51286..da20fe83a0f 100644 --- a/2006/0xxx/CVE-2006-0437.json +++ b/2006/0xxx/CVE-2006-0437.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0437", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in admin_smilies.php in phpBB 2.0.19 allows remote attackers to inject arbitrary web script or HTML via Javascript events such as \"onmouseover\" in the (1) smile_url or (2) smile_emotion parameters, which bypasses a check for \"<\" and \">\" characters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0437", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060203 phpBB 2.0.19 Cross Site Request Forgeries and XSS Admin", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-February/041920.html" - }, - { - "name" : "20060203 phpBB 2.0.19 Cross Site Request Forgeries and XSS Admin", - "refsource" : "SREASONRES", - "url" : "http://securityreason.com/achievement_securityalert/31" - }, - { - "name" : "ADV-2006-0445", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0445" - }, - { - "name" : "22928", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/22928" - }, - { - "name" : "18693", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18693" - }, - { - "name" : "406", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/406" - }, - { - "name" : "phpbb-referer-header-http-xss(24497)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in admin_smilies.php in phpBB 2.0.19 allows remote attackers to inject arbitrary web script or HTML via Javascript events such as \"onmouseover\" in the (1) smile_url or (2) smile_emotion parameters, which bypasses a check for \"<\" and \">\" characters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-0445", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0445" + }, + { + "name": "18693", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18693" + }, + { + "name": "20060203 phpBB 2.0.19 Cross Site Request Forgeries and XSS Admin", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-February/041920.html" + }, + { + "name": "20060203 phpBB 2.0.19 Cross Site Request Forgeries and XSS Admin", + "refsource": "SREASONRES", + "url": "http://securityreason.com/achievement_securityalert/31" + }, + { + "name": "phpbb-referer-header-http-xss(24497)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24497" + }, + { + "name": "22928", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/22928" + }, + { + "name": "406", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/406" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3384.json b/2006/3xxx/CVE-2006-3384.json index 538b75efad8..ffbbaf79fd5 100644 --- a/2006/3xxx/CVE-2006-3384.json +++ b/2006/3xxx/CVE-2006-3384.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3384", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in divers.php in Vincent Leclercq News 5.2 allows remote attackers to execute arbitrary SQL commands via the (1) id and (2) texte parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3384", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060629 News <= 5.2 XSS, SQL Injection, Full Path Disclosure", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/438859/100/0/threaded" - }, - { - "name" : "http://www.acid-root.new.fr/advisories/news52.txt", - "refsource" : "MISC", - "url" : "http://www.acid-root.new.fr/advisories/news52.txt" - }, - { - "name" : "18775", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18775" - }, - { - "name" : "ADV-2006-2642", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2642" - }, - { - "name" : "20936", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20936" - }, - { - "name" : "vlcnews-divers-sql-injection(27504)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27504" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in divers.php in Vincent Leclercq News 5.2 allows remote attackers to execute arbitrary SQL commands via the (1) id and (2) texte parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060629 News <= 5.2 XSS, SQL Injection, Full Path Disclosure", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/438859/100/0/threaded" + }, + { + "name": "ADV-2006-2642", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2642" + }, + { + "name": "20936", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20936" + }, + { + "name": "18775", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18775" + }, + { + "name": "vlcnews-divers-sql-injection(27504)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27504" + }, + { + "name": "http://www.acid-root.new.fr/advisories/news52.txt", + "refsource": "MISC", + "url": "http://www.acid-root.new.fr/advisories/news52.txt" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3576.json b/2006/3xxx/CVE-2006-3576.json index a9a7f1613a5..731b423a293 100644 --- a/2006/3xxx/CVE-2006-3576.json +++ b/2006/3xxx/CVE-2006-3576.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3576", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in search.php in SenseSites CommonSense CMS 5.0 allows remote attackers to execute arbitrary SQL commands via the Date parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3576", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "18893", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18893" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in search.php in SenseSites CommonSense CMS 5.0 allows remote attackers to execute arbitrary SQL commands via the Date parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18893", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18893" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3893.json b/2006/3xxx/CVE-2006-3893.json index 4baef8a5248..3ea5aa457ff 100644 --- a/2006/3xxx/CVE-2006-3893.json +++ b/2006/3xxx/CVE-2006-3893.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3893", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in the ActiveX controls in Newtone ImageKit 5 before Fix 30 and 6 before Fix 40, as used in CASIO Photo Loader software before 3.01 and possibly other software, allow remote attackers to execute arbitrary code via a crafted HTML document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2006-3893", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#210697", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/210697" - }, - { - "name" : "21375", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21375" - }, - { - "name" : "ADV-2006-4794", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4794" - }, - { - "name" : "ADV-2006-4795", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4795" - }, - { - "name" : "23286", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23286" - }, - { - "name" : "imagekit-activex-bo(30680)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30680" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in the ActiveX controls in Newtone ImageKit 5 before Fix 30 and 6 before Fix 40, as used in CASIO Photo Loader software before 3.01 and possibly other software, allow remote attackers to execute arbitrary code via a crafted HTML document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-4795", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4795" + }, + { + "name": "21375", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21375" + }, + { + "name": "imagekit-activex-bo(30680)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30680" + }, + { + "name": "23286", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23286" + }, + { + "name": "ADV-2006-4794", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4794" + }, + { + "name": "VU#210697", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/210697" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4176.json b/2006/4xxx/CVE-2006-4176.json index eb469c457d1..712efb4aae1 100644 --- a/2006/4xxx/CVE-2006-4176.json +++ b/2006/4xxx/CVE-2006-4176.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4176", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4176", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4230.json b/2006/4xxx/CVE-2006-4230.json index 9775e0d97e9..cdf1a709798 100644 --- a/2006/4xxx/CVE-2006-4230.json +++ b/2006/4xxx/CVE-2006-4230.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4230", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in index.php in Lizge V.20 Web Portal allow remote attackers to execute arbitrary PHP code via a URL in the (1) lizge or (2) bade parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4230", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060815 Lizge V.20 Web Portal File Include Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/443309/100/0/threaded" - }, - { - "name" : "19533", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19533" - }, - { - "name" : "1415", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1415" - }, - { - "name" : "lizge-index-file-include(28389)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28389" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in index.php in Lizge V.20 Web Portal allow remote attackers to execute arbitrary PHP code via a URL in the (1) lizge or (2) bade parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060815 Lizge V.20 Web Portal File Include Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/443309/100/0/threaded" + }, + { + "name": "1415", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1415" + }, + { + "name": "19533", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19533" + }, + { + "name": "lizge-index-file-include(28389)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28389" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4753.json b/2006/4xxx/CVE-2006-4753.json index b3f67a63501..28e8a4a194f 100644 --- a/2006/4xxx/CVE-2006-4753.json +++ b/2006/4xxx/CVE-2006-4753.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4753", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in index.php in PHProg before 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4753", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060911 PHProg : Local File Inclusion + XSS + Full path", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=115796646100433&w=2" - }, - { - "name" : "http://www.pconfig.com/cdg393/adviso/PHProg.txt", - "refsource" : "MISC", - "url" : "http://www.pconfig.com/cdg393/adviso/PHProg.txt" - }, - { - "name" : "http://www.comscripts.com/scripts/php.phprog-album-photo-php.2117.html", - "refsource" : "CONFIRM", - "url" : "http://www.comscripts.com/scripts/php.phprog-album-photo-php.2117.html" - }, - { - "name" : "19957", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19957" - }, - { - "name" : "21849", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21849" - }, - { - "name" : "phprog-index-file-include(28847)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28847" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in index.php in PHProg before 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "phprog-index-file-include(28847)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28847" + }, + { + "name": "http://www.pconfig.com/cdg393/adviso/PHProg.txt", + "refsource": "MISC", + "url": "http://www.pconfig.com/cdg393/adviso/PHProg.txt" + }, + { + "name": "19957", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19957" + }, + { + "name": "20060911 PHProg : Local File Inclusion + XSS + Full path", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=115796646100433&w=2" + }, + { + "name": "21849", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21849" + }, + { + "name": "http://www.comscripts.com/scripts/php.phprog-album-photo-php.2117.html", + "refsource": "CONFIRM", + "url": "http://www.comscripts.com/scripts/php.phprog-album-photo-php.2117.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4810.json b/2006/4xxx/CVE-2006-4810.json index 5858baf5e5b..375347175de 100644 --- a/2006/4xxx/CVE-2006-4810.json +++ b/2006/4xxx/CVE-2006-4810.json @@ -1,207 +1,207 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4810", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the readline function in util/texindex.c, as used by the (1) texi2dvi and (2) texindex commands, in texinfo 4.8 and earlier allows local users to execute arbitrary code via a crafted Texinfo file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2006-4810", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061127 rPSA-2006-0219-1 info install-info texinfo", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/452723/100/0/threaded" - }, - { - "name" : "20070404 VMSA-2007-0003 VMware ESX 3.0.1 and 3.0.0 server security updates", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/464745/100/0/threaded" - }, - { - "name" : "http://cvs.savannah.gnu.org/viewcvs/texinfo/texinfo/util/texindex.c?r1=1.16&r2=1.17", - "refsource" : "MISC", - "url" : "http://cvs.savannah.gnu.org/viewcvs/texinfo/texinfo/util/texindex.c?r1=1.16&r2=1.17" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-810", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-810" - }, - { - "name" : "http://www.vmware.com/support/vi3/doc/esx-1121906-patch.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/support/vi3/doc/esx-1121906-patch.html" - }, - { - "name" : "http://www.vmware.com/support/vi3/doc/esx-2559638-patch.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/support/vi3/doc/esx-2559638-patch.html" - }, - { - "name" : "DSA-1219", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1219" - }, - { - "name" : "GLSA-200611-16", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200611-16.xml" - }, - { - "name" : "MDKSA-2006:203", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:203" - }, - { - "name" : "OpenPKG-SA-2006.034", - "refsource" : "OPENPKG", - "url" : "http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.034-texinfo.html" - }, - { - "name" : "RHSA-2006:0727", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0727.html" - }, - { - "name" : "20061101-01-P", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P" - }, - { - "name" : "SUSE-SR:2006:028", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_28_sr.html" - }, - { - "name" : "2006-0063", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.org/errata/2006/0063/" - }, - { - "name" : "USN-379-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-379-1" - }, - { - "name" : "20959", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20959" - }, - { - "name" : "oval:org.mitre.oval:def:10893", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10893" - }, - { - "name" : "ADV-2006-4412", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4412" - }, - { - "name" : "ADV-2007-1267", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1267" - }, - { - "name" : "22725", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22725" - }, - { - "name" : "22777", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22777" - }, - { - "name" : "22798", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22798" - }, - { - "name" : "22929", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22929" - }, - { - "name" : "22898", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22898" - }, - { - "name" : "22995", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22995" - }, - { - "name" : "23015", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23015" - }, - { - "name" : "23112", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23112" - }, - { - "name" : "23335", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23335" - }, - { - "name" : "24788", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24788" - }, - { - "name" : "texinfo-texindex-bo(30158)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30158" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the readline function in util/texindex.c, as used by the (1) texi2dvi and (2) texindex commands, in texinfo 4.8 and earlier allows local users to execute arbitrary code via a crafted Texinfo file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "22725", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22725" + }, + { + "name": "MDKSA-2006:203", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:203" + }, + { + "name": "RHSA-2006:0727", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0727.html" + }, + { + "name": "22777", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22777" + }, + { + "name": "USN-379-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-379-1" + }, + { + "name": "20959", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20959" + }, + { + "name": "22995", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22995" + }, + { + "name": "ADV-2006-4412", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4412" + }, + { + "name": "20070404 VMSA-2007-0003 VMware ESX 3.0.1 and 3.0.0 server security updates", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/464745/100/0/threaded" + }, + { + "name": "SUSE-SR:2006:028", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_28_sr.html" + }, + { + "name": "23015", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23015" + }, + { + "name": "ADV-2007-1267", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1267" + }, + { + "name": "https://issues.rpath.com/browse/RPL-810", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-810" + }, + { + "name": "GLSA-200611-16", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200611-16.xml" + }, + { + "name": "23335", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23335" + }, + { + "name": "23112", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23112" + }, + { + "name": "http://www.vmware.com/support/vi3/doc/esx-2559638-patch.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/support/vi3/doc/esx-2559638-patch.html" + }, + { + "name": "2006-0063", + "refsource": "TRUSTIX", + "url": "http://www.trustix.org/errata/2006/0063/" + }, + { + "name": "20061101-01-P", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P" + }, + { + "name": "24788", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24788" + }, + { + "name": "http://cvs.savannah.gnu.org/viewcvs/texinfo/texinfo/util/texindex.c?r1=1.16&r2=1.17", + "refsource": "MISC", + "url": "http://cvs.savannah.gnu.org/viewcvs/texinfo/texinfo/util/texindex.c?r1=1.16&r2=1.17" + }, + { + "name": "20061127 rPSA-2006-0219-1 info install-info texinfo", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/452723/100/0/threaded" + }, + { + "name": "22898", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22898" + }, + { + "name": "22929", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22929" + }, + { + "name": "oval:org.mitre.oval:def:10893", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10893" + }, + { + "name": "texinfo-texindex-bo(30158)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30158" + }, + { + "name": "OpenPKG-SA-2006.034", + "refsource": "OPENPKG", + "url": "http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.034-texinfo.html" + }, + { + "name": "http://www.vmware.com/support/vi3/doc/esx-1121906-patch.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/support/vi3/doc/esx-1121906-patch.html" + }, + { + "name": "22798", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22798" + }, + { + "name": "DSA-1219", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1219" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4854.json b/2006/4xxx/CVE-2006-4854.json index 40453607fc0..955b9b551a3 100644 --- a/2006/4xxx/CVE-2006-4854.json +++ b/2006/4xxx/CVE-2006-4854.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4854", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** Unspecified vulnerability in Microsoft Office 2000 (Chinese Edition) and Microsoft PowerPoint 2000 (Chinese Edition) allows user-assisted attackers to execute arbitrary code via a crafted PPT document, as exploited by malware such as Trojan.PPDropper.E. NOTE: on 20060919, Microsoft notified CVE that this is a duplicate of CVE-2006-0009." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2006-4854", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** Unspecified vulnerability in Microsoft Office 2000 (Chinese Edition) and Microsoft PowerPoint 2000 (Chinese Edition) allows user-assisted attackers to execute arbitrary code via a crafted PPT document, as exploited by malware such as Trojan.PPDropper.E. NOTE: on 20060919, Microsoft notified CVE that this is a duplicate of CVE-2006-0009." + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6741.json b/2006/6xxx/CVE-2006-6741.json index e86d044789e..4d52d5f2e91 100644 --- a/2006/6xxx/CVE-2006-6741.json +++ b/2006/6xxx/CVE-2006-6741.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6741", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in urlobox in MKPortal allows remote attackers to delete arbitrary messages as an administrator via a delete operation in an img BBcode tag." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6741", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061219 MkPortal Urlobox Cross Site Request Forgery", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/454868/100/0/threaded" - }, - { - "name" : "ADV-2006-5115", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/5115" - }, - { - "name" : "23431", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23431" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in urlobox in MKPortal allows remote attackers to delete arbitrary messages as an administrator via a delete operation in an img BBcode tag." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "23431", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23431" + }, + { + "name": "ADV-2006-5115", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/5115" + }, + { + "name": "20061219 MkPortal Urlobox Cross Site Request Forgery", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/454868/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6785.json b/2006/6xxx/CVE-2006-6785.json index 485b632d046..4c01b6631dd 100644 --- a/2006/6xxx/CVE-2006-6785.json +++ b/2006/6xxx/CVE-2006-6785.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6785", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The (1) settings.php and (2) subscribers.php scripts in Open Newsletter 2.5 and earlier do not exit when authentication fails, which allows remote attackers to perform unauthorized administrative actions, or execute arbitrary code in conjunction with another vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6785", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2981", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2981" - }, - { - "name" : "21775", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21775" - }, - { - "name" : "23476", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23476" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The (1) settings.php and (2) subscribers.php scripts in Open Newsletter 2.5 and earlier do not exit when authentication fails, which allows remote attackers to perform unauthorized administrative actions, or execute arbitrary code in conjunction with another vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2981", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2981" + }, + { + "name": "23476", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23476" + }, + { + "name": "21775", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21775" + } + ] + } +} \ No newline at end of file diff --git a/2006/7xxx/CVE-2006-7097.json b/2006/7xxx/CVE-2006-7097.json index 4c14b378f6f..2c1b54efbb0 100644 --- a/2006/7xxx/CVE-2006-7097.json +++ b/2006/7xxx/CVE-2006-7097.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-7097", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in TaskFreak! before 0.1.4 have unknown impact and attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-7097", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.taskfreak.com/versions.html", - "refsource" : "CONFIRM", - "url" : "http://www.taskfreak.com/versions.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in TaskFreak! before 0.1.4 have unknown impact and attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.taskfreak.com/versions.html", + "refsource": "CONFIRM", + "url": "http://www.taskfreak.com/versions.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2504.json b/2010/2xxx/CVE-2010-2504.json index f33efaef221..7d0f740081f 100644 --- a/2010/2xxx/CVE-2010-2504.json +++ b/2010/2xxx/CVE-2010-2504.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2504", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Splunk 4.0 through 4.0.10 and 4.1 through 4.1.1 allows remote authenticated users to obtain sensitive information via HTTP header injection, aka SPL-31066." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2504", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.splunk.com/view/SP-CAAAFGD", - "refsource" : "CONFIRM", - "url" : "http://www.splunk.com/view/SP-CAAAFGD" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Splunk 4.0 through 4.0.10 and 4.1 through 4.1.1 allows remote authenticated users to obtain sensitive information via HTTP header injection, aka SPL-31066." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.splunk.com/view/SP-CAAAFGD", + "refsource": "CONFIRM", + "url": "http://www.splunk.com/view/SP-CAAAFGD" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2981.json b/2010/2xxx/CVE-2010-2981.json index a20d968c778..a7fbaee60d6 100644 --- a/2010/2xxx/CVE-2010-2981.json +++ b/2010/2xxx/CVE-2010-2981.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2981", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 allows remote attackers to cause a denial of service (device crash) by pinging a virtual interface, aka Bug ID CSCte55370." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2981", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7.0.html", - "refsource" : "CONFIRM", - "url" : "http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7.0.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 allows remote attackers to cause a denial of service (device crash) by pinging a virtual interface, aka Bug ID CSCte55370." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7.0.html", + "refsource": "CONFIRM", + "url": "http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7.0.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3123.json b/2010/3xxx/CVE-2010-3123.json index 37ddd60c8fd..ec66b11d669 100644 --- a/2010/3xxx/CVE-2010-3123.json +++ b/2010/3xxx/CVE-2010-3123.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3123", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3123", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3918.json b/2010/3xxx/CVE-2010-3918.json index a47ec3d151d..b4686d52324 100644 --- a/2010/3xxx/CVE-2010-3918.json +++ b/2010/3xxx/CVE-2010-3918.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3918", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Fenrir Sleipnir 2.9.6 and earlier does not prevent interaction between web script and the clipboard, which allows remote attackers to read or modify the clipboard contents via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2010-3918", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://fenrir-inc.blogspot.com/2010/11/vulnerability-regarding-allow-paste.html", - "refsource" : "CONFIRM", - "url" : "http://fenrir-inc.blogspot.com/2010/11/vulnerability-regarding-allow-paste.html" - }, - { - "name" : "http://www.fenrir.co.jp/blog/2010/11/post_47.html", - "refsource" : "CONFIRM", - "url" : "http://www.fenrir.co.jp/blog/2010/11/post_47.html" - }, - { - "name" : "JVN#64764004", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN64764004/index.html" - }, - { - "name" : "JVNDB-2010-000057", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000057.html" - }, - { - "name" : "69604", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/69604" - }, - { - "name" : "42427", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42427" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Fenrir Sleipnir 2.9.6 and earlier does not prevent interaction between web script and the clipboard, which allows remote attackers to read or modify the clipboard contents via a crafted web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVNDB-2010-000057", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000057.html" + }, + { + "name": "69604", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/69604" + }, + { + "name": "42427", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42427" + }, + { + "name": "http://fenrir-inc.blogspot.com/2010/11/vulnerability-regarding-allow-paste.html", + "refsource": "CONFIRM", + "url": "http://fenrir-inc.blogspot.com/2010/11/vulnerability-regarding-allow-paste.html" + }, + { + "name": "JVN#64764004", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN64764004/index.html" + }, + { + "name": "http://www.fenrir.co.jp/blog/2010/11/post_47.html", + "refsource": "CONFIRM", + "url": "http://www.fenrir.co.jp/blog/2010/11/post_47.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0025.json b/2011/0xxx/CVE-2011-0025.json index c5a0b12187a..0dfcfa35a38 100644 --- a/2011/0xxx/CVE-2011-0025.json +++ b/2011/0xxx/CVE-2011-0025.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0025", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IcedTea 1.7 before 1.7.8, 1.8 before 1.8.5, and 1.9 before 1.9.5 does not properly verify signatures for JAR files that (1) are \"partially signed\" or (2) signed by multiple entities, which allows remote attackers to trick users into executing code that appears to come from a trusted source." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-0025", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://icedtea.classpath.org/hg/release/icedtea-web-1.0?cmd=changeset;node=3bd328e4b515", - "refsource" : "MISC", - "url" : "http://icedtea.classpath.org/hg/release/icedtea-web-1.0?cmd=changeset;node=3bd328e4b515" - }, - { - "name" : "http://blog.fuseyism.com/index.php/2011/02/01/security-icedtea6-178-185-195-released/", - "refsource" : "CONFIRM", - "url" : "http://blog.fuseyism.com/index.php/2011/02/01/security-icedtea6-178-185-195-released/" - }, - { - "name" : "DSA-2224", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2224" - }, - { - "name" : "GLSA-201406-32", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml" - }, - { - "name" : "MDVSA-2011:054", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:054" - }, - { - "name" : "USN-1055-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1055-1" - }, - { - "name" : "46110", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46110" - }, - { - "name" : "43135", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43135" - }, - { - "name" : "icedtea-jar-security-bypass(65151)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65151" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IcedTea 1.7 before 1.7.8, 1.8 before 1.8.5, and 1.9 before 1.9.5 does not properly verify signatures for JAR files that (1) are \"partially signed\" or (2) signed by multiple entities, which allows remote attackers to trick users into executing code that appears to come from a trusted source." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "46110", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46110" + }, + { + "name": "USN-1055-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1055-1" + }, + { + "name": "GLSA-201406-32", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" + }, + { + "name": "icedtea-jar-security-bypass(65151)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65151" + }, + { + "name": "DSA-2224", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2224" + }, + { + "name": "43135", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43135" + }, + { + "name": "http://icedtea.classpath.org/hg/release/icedtea-web-1.0?cmd=changeset;node=3bd328e4b515", + "refsource": "MISC", + "url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.0?cmd=changeset;node=3bd328e4b515" + }, + { + "name": "http://blog.fuseyism.com/index.php/2011/02/01/security-icedtea6-178-185-195-released/", + "refsource": "CONFIRM", + "url": "http://blog.fuseyism.com/index.php/2011/02/01/security-icedtea6-178-185-195-released/" + }, + { + "name": "MDVSA-2011:054", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:054" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0391.json b/2011/0xxx/CVE-2011-0391.json index 3a1b8a29a26..f96d927de8c 100644 --- a/2011/0xxx/CVE-2011-0391.json +++ b/2011/0xxx/CVE-2011-0391.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0391", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco TelePresence Recording Server devices with software 1.6.x allow remote attackers to cause a denial of service (thread consumption and device outage) via a malformed request, related to an \"ad hoc recording\" issue, aka Bug ID CSCtf97205." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2011-0391", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110223 Multiple Vulnerabilities in Cisco TelePresence Recording Server", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e11d.shtml" - }, - { - "name" : "46522", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46522" - }, - { - "name" : "1025114", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025114" - }, - { - "name" : "telepresence-adhoc-dos(65607)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65607" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco TelePresence Recording Server devices with software 1.6.x allow remote attackers to cause a denial of service (thread consumption and device outage) via a malformed request, related to an \"ad hoc recording\" issue, aka Bug ID CSCtf97205." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "telepresence-adhoc-dos(65607)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65607" + }, + { + "name": "20110223 Multiple Vulnerabilities in Cisco TelePresence Recording Server", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e11d.shtml" + }, + { + "name": "1025114", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025114" + }, + { + "name": "46522", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46522" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0497.json b/2011/0xxx/CVE-2011-0497.json index d2cc1f5de3b..01300c8d21f 100644 --- a/2011/0xxx/CVE-2011-0497.json +++ b/2011/0xxx/CVE-2011-0497.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0497", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Sybase EAServer 6.x before 6.3 ESD#2, as used in Appeon, Replication Server Messaging Edition (RSME), and WorkSpace, allows remote attackers to read arbitrary files via \"../\\\" (dot dot forward-slash backslash) sequences in a crafted request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0497", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110110 Sybase EAServer Remote Directory Traversal Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=889" - }, - { - "name" : "http://www.sybase.com/detail?id=1091057", - "refsource" : "CONFIRM", - "url" : "http://www.sybase.com/detail?id=1091057" - }, - { - "name" : "45809", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45809" - }, - { - "name" : "70427", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/70427" - }, - { - "name" : "42904", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42904" - }, - { - "name" : "ADV-2011-0125", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0125" - }, - { - "name" : "easerver-unspec-file-include(64695)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64695" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Sybase EAServer 6.x before 6.3 ESD#2, as used in Appeon, Replication Server Messaging Edition (RSME), and WorkSpace, allows remote attackers to read arbitrary files via \"../\\\" (dot dot forward-slash backslash) sequences in a crafted request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "easerver-unspec-file-include(64695)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64695" + }, + { + "name": "42904", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42904" + }, + { + "name": "http://www.sybase.com/detail?id=1091057", + "refsource": "CONFIRM", + "url": "http://www.sybase.com/detail?id=1091057" + }, + { + "name": "45809", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45809" + }, + { + "name": "70427", + "refsource": "OSVDB", + "url": "http://osvdb.org/70427" + }, + { + "name": "20110110 Sybase EAServer Remote Directory Traversal Vulnerability", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=889" + }, + { + "name": "ADV-2011-0125", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0125" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0632.json b/2011/0xxx/CVE-2011-0632.json index c428fb415fa..4ea91bfa273 100644 --- a/2011/0xxx/CVE-2011-0632.json +++ b/2011/0xxx/CVE-2011-0632.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0632", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0632", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0877.json b/2011/0xxx/CVE-2011-0877.json index 6e09698e624..b8a045ea5bf 100644 --- a/2011/0xxx/CVE-2011-0877.json +++ b/2011/0xxx/CVE-2011-0877.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0877", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Instance Management component in Oracle Database Server 10.1.0.5, 10.2.0.3, and 10.2.0.4, and Oracle Enterprise Manager Grid Control 10.1.0.6, allows remote attackers to affect integrity via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2011-0877", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html" - }, - { - "name" : "TA11-201A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA11-201A.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Instance Management component in Oracle Database Server 10.1.0.5, 10.2.0.3, and 10.2.0.4, and Oracle Enterprise Manager Grid Control 10.1.0.6, allows remote attackers to affect integrity via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA11-201A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA11-201A.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1143.json b/2011/1xxx/CVE-2011-1143.json index 53cafe28ee3..783e9028115 100644 --- a/2011/1xxx/CVE-2011-1143.json +++ b/2011/1xxx/CVE-2011-1143.json @@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1143", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "epan/dissectors/packet-ntlmssp.c in the NTLMSSP dissector in Wireshark before 1.4.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted .pcap file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1143", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://anonsvn.wireshark.org/viewvc?view=rev&revision=34018", - "refsource" : "CONFIRM", - "url" : "http://anonsvn.wireshark.org/viewvc?view=rev&revision=34018" - }, - { - "name" : "http://www.wireshark.org/docs/relnotes/wireshark-1.4.4.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/docs/relnotes/wireshark-1.4.4.html" - }, - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5157", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5157" - }, - { - "name" : "FEDORA-2011-2620", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055664.html" - }, - { - "name" : "FEDORA-2011-2632", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055650.html" - }, - { - "name" : "FEDORA-2011-2648", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055364.html" - }, - { - "name" : "RHSA-2011:0370", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0370.html" - }, - { - "name" : "openSUSE-SU-2011:0347", - "refsource" : "SUSE", - "url" : "https://hermes.opensuse.org/messages/8086844" - }, - { - "name" : "VU#215900", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/215900" - }, - { - "name" : "46796", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46796" - }, - { - "name" : "oval:org.mitre.oval:def:16209", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16209" - }, - { - "name" : "1025148", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025148" - }, - { - "name" : "43821", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43821" - }, - { - "name" : "44169", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44169" - }, - { - "name" : "43759", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43759" - }, - { - "name" : "48947", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48947" - }, - { - "name" : "ADV-2011-0719", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0719" - }, - { - "name" : "ADV-2011-0626", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0626" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "epan/dissectors/packet-ntlmssp.c in the NTLMSSP dissector in Wireshark before 1.4.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted .pcap file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5157", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5157" + }, + { + "name": "openSUSE-SU-2011:0347", + "refsource": "SUSE", + "url": "https://hermes.opensuse.org/messages/8086844" + }, + { + "name": "43759", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43759" + }, + { + "name": "FEDORA-2011-2648", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055364.html" + }, + { + "name": "FEDORA-2011-2620", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055664.html" + }, + { + "name": "44169", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44169" + }, + { + "name": "ADV-2011-0626", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0626" + }, + { + "name": "48947", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48947" + }, + { + "name": "VU#215900", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/215900" + }, + { + "name": "RHSA-2011:0370", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0370.html" + }, + { + "name": "ADV-2011-0719", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0719" + }, + { + "name": "oval:org.mitre.oval:def:16209", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16209" + }, + { + "name": "http://www.wireshark.org/docs/relnotes/wireshark-1.4.4.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/docs/relnotes/wireshark-1.4.4.html" + }, + { + "name": "FEDORA-2011-2632", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055650.html" + }, + { + "name": "46796", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46796" + }, + { + "name": "http://anonsvn.wireshark.org/viewvc?view=rev&revision=34018", + "refsource": "CONFIRM", + "url": "http://anonsvn.wireshark.org/viewvc?view=rev&revision=34018" + }, + { + "name": "1025148", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025148" + }, + { + "name": "43821", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43821" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1307.json b/2011/1xxx/CVE-2011-1307.json index 746daae59df..44a954bdaf0 100644 --- a/2011/1xxx/CVE-2011-1307.json +++ b/2011/1xxx/CVE-2011-1307.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1307", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The installer in IBM WebSphere Application Server (WAS) before 7.0.0.15 uses 777 permissions for a temporary log directory, which allows local users to have unintended access to log files via standard filesystem operations, a different vulnerability than CVE-2009-1173." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1307", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg27014463", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg27014463" - }, - { - "name" : "PM20021", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PM20021" - }, - { - "name" : "46736", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46736" - }, - { - "name" : "ADV-2011-0564", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0564" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The installer in IBM WebSphere Application Server (WAS) before 7.0.0.15 uses 777 permissions for a temporary log directory, which allows local users to have unintended access to log files via standard filesystem operations, a different vulnerability than CVE-2009-1173." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "PM20021", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM20021" + }, + { + "name": "46736", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46736" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg27014463", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27014463" + }, + { + "name": "ADV-2011-0564", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0564" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1594.json b/2011/1xxx/CVE-2011-1594.json index ab66f1bc161..0366496772c 100644 --- a/2011/1xxx/CVE-2011-1594.json +++ b/2011/1xxx/CVE-2011-1594.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1594", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Open redirect vulnerability in Spacewalk 1.6, as used in Red Hat Network (RHN) Satellite, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url_bounce parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-1594", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[Spacewalk-announce-list] 20111222 Spacewalk 1.6 has been released", - "refsource" : "MLIST", - "url" : "https://www.redhat.com/archives/spacewalk-announce-list/2011-December/msg00000.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=672167", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=672167" - }, - { - "name" : "RHSA-2011:1299", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-1299.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Open redirect vulnerability in Spacewalk 1.6, as used in Red Hat Network (RHN) Satellite, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url_bounce parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[Spacewalk-announce-list] 20111222 Spacewalk 1.6 has been released", + "refsource": "MLIST", + "url": "https://www.redhat.com/archives/spacewalk-announce-list/2011-December/msg00000.html" + }, + { + "name": "RHSA-2011:1299", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-1299.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=672167", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=672167" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1861.json b/2011/1xxx/CVE-2011-1861.json index 419183a30de..910884c3018 100644 --- a/2011/1xxx/CVE-2011-1861.json +++ b/2011/1xxx/CVE-2011-1861.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1861", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allows remote attackers to modify data or obtain sensitive information via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2011-1861", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMA02674", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=130755929821099&w=2" - }, - { - "name" : "SSRT100487", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=130755929821099&w=2" - }, - { - "name" : "48168", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/48168" - }, - { - "name" : "1025611", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025611" - }, - { - "name" : "44836", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44836" - }, - { - "name" : "8273", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8273" - }, - { - "name" : "hp-service-manager-unauth-access(67912)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67912" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allows remote attackers to modify data or obtain sensitive information via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "hp-service-manager-unauth-access(67912)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67912" + }, + { + "name": "44836", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44836" + }, + { + "name": "8273", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8273" + }, + { + "name": "1025611", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025611" + }, + { + "name": "SSRT100487", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=130755929821099&w=2" + }, + { + "name": "HPSBMA02674", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=130755929821099&w=2" + }, + { + "name": "48168", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/48168" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1930.json b/2011/1xxx/CVE-2011-1930.json index 2e95054935c..37f9512d52b 100644 --- a/2011/1xxx/CVE-2011-1930.json +++ b/2011/1xxx/CVE-2011-1930.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1930", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1930", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4774.json b/2011/4xxx/CVE-2011-4774.json index 2b9076a0d31..b8e3964ebd5 100644 --- a/2011/4xxx/CVE-2011-4774.json +++ b/2011/4xxx/CVE-2011-4774.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4774", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4774", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5160.json b/2011/5xxx/CVE-2011-5160.json index ce02466dc35..b60aca97169 100644 --- a/2011/5xxx/CVE-2011-5160.json +++ b/2011/5xxx/CVE-2011-5160.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5160", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in setup.php in OpenEMR 4 allows remote attackers to inject arbitrary web script or HTML via the site parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5160", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "18274", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18274" - }, - { - "name" : "openemr-setup-xss(71982)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71982" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in setup.php in OpenEMR 4 allows remote attackers to inject arbitrary web script or HTML via the site parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18274", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18274" + }, + { + "name": "openemr-setup-xss(71982)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71982" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5196.json b/2011/5xxx/CVE-2011-5196.json index 2c97a11bc02..5454e29cf0a 100644 --- a/2011/5xxx/CVE-2011-5196.json +++ b/2011/5xxx/CVE-2011-5196.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5196", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in index/manager/fileUpload in Public Knowledge Project Open Journal Systems 2.3.6 and earlier allows remote attackers to hijack the authentication of administrators for requests that upload PHP files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5196", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "18266", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18266" - }, - { - "name" : "77995", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/77995" - }, - { - "name" : "47330", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47330" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in index/manager/fileUpload in Public Knowledge Project Open Journal Systems 2.3.6 and earlier allows remote attackers to hijack the authentication of administrators for requests that upload PHP files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "47330", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47330" + }, + { + "name": "77995", + "refsource": "OSVDB", + "url": "http://osvdb.org/77995" + }, + { + "name": "18266", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18266" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2705.json b/2014/2xxx/CVE-2014-2705.json index d8aa8b40f04..d163420cf93 100644 --- a/2014/2xxx/CVE-2014-2705.json +++ b/2014/2xxx/CVE-2014-2705.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2705", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2705", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3185.json b/2014/3xxx/CVE-2014-3185.json index 7a1c667892a..5a78cdfa4c4 100644 --- a/2014/3xxx/CVE-2014-3185.json +++ b/2014/3xxx/CVE-2014-3185.json @@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3185", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in the command_port_read_callback function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in the Linux kernel before 3.16.2 allow physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with a bulk response." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2014-3185", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140911 Multiple Linux USB driver CVE assignment", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/09/11/21" - }, - { - "name" : "https://code.google.com/p/google-security-research/issues/detail?id=98", - "refsource" : "MISC", - "url" : "https://code.google.com/p/google-security-research/issues/detail?id=98" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6817ae225cd650fb1c3295d769298c38b1eba818", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6817ae225cd650fb1c3295d769298c38b1eba818" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.2", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.2" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1141400", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1141400" - }, - { - "name" : "https://github.com/torvalds/linux/commit/6817ae225cd650fb1c3295d769298c38b1eba818", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/6817ae225cd650fb1c3295d769298c38b1eba818" - }, - { - "name" : "RHSA-2014:1318", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1318.html" - }, - { - "name" : "RHSA-2015:0284", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0284.html" - }, - { - "name" : "SUSE-SU-2015:0481", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html" - }, - { - "name" : "openSUSE-SU-2015:0566", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html" - }, - { - "name" : "SUSE-SU-2015:0652", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html" - }, - { - "name" : "SUSE-SU-2015:0812", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html" - }, - { - "name" : "USN-2374-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2374-1" - }, - { - "name" : "USN-2375-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2375-1" - }, - { - "name" : "USN-2376-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2376-1" - }, - { - "name" : "USN-2377-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2377-1" - }, - { - "name" : "USN-2378-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2378-1" - }, - { - "name" : "USN-2379-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2379-1" - }, - { - "name" : "69781", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69781" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in the command_port_read_callback function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in the Linux kernel before 3.16.2 allow physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with a bulk response." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-2377-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2377-1" + }, + { + "name": "RHSA-2014:1318", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1318.html" + }, + { + "name": "USN-2375-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2375-1" + }, + { + "name": "https://github.com/torvalds/linux/commit/6817ae225cd650fb1c3295d769298c38b1eba818", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/6817ae225cd650fb1c3295d769298c38b1eba818" + }, + { + "name": "SUSE-SU-2015:0652", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6817ae225cd650fb1c3295d769298c38b1eba818", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6817ae225cd650fb1c3295d769298c38b1eba818" + }, + { + "name": "https://code.google.com/p/google-security-research/issues/detail?id=98", + "refsource": "MISC", + "url": "https://code.google.com/p/google-security-research/issues/detail?id=98" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.2", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.2" + }, + { + "name": "SUSE-SU-2015:0481", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html" + }, + { + "name": "[oss-security] 20140911 Multiple Linux USB driver CVE assignment", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/09/11/21" + }, + { + "name": "USN-2378-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2378-1" + }, + { + "name": "openSUSE-SU-2015:0566", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1141400", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1141400" + }, + { + "name": "RHSA-2015:0284", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0284.html" + }, + { + "name": "USN-2374-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2374-1" + }, + { + "name": "69781", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69781" + }, + { + "name": "USN-2379-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2379-1" + }, + { + "name": "USN-2376-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2376-1" + }, + { + "name": "SUSE-SU-2015:0812", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3391.json b/2014/3xxx/CVE-2014-3391.json index bbb0cdc9a9b..1e22a2d7685 100644 --- a/2014/3xxx/CVE-2014-3391.json +++ b/2014/3xxx/CVE-2014-3391.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3391", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in Cisco ASA Software 8.x before 8.4(3), 8.5, and 8.7 before 8.7(1.13) allows local users to gain privileges by placing a Trojan horse library file in external memory, leading to library use after device reload because of an incorrect LD_LIBRARY_PATH value, aka Bug ID CSCtq52661." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-3391", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141008 Multiple Vulnerabilities in Cisco ASA Software", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in Cisco ASA Software 8.x before 8.4(3), 8.5, and 8.7 before 8.7(1.13) allows local users to gain privileges by placing a Trojan horse library file in external memory, leading to library use after device reload because of an incorrect LD_LIBRARY_PATH value, aka Bug ID CSCtq52661." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20141008 Multiple Vulnerabilities in Cisco ASA Software", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3437.json b/2014/3xxx/CVE-2014-3437.json index a46201d0af6..c1374ce491f 100644 --- a/2014/3xxx/CVE-2014-3437.json +++ b/2014/3xxx/CVE-2014-3437.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3437", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 allows remote attackers to read arbitrary files or send TCP requests to intranet servers via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@symantec.com", + "ID": "CVE-2014-3437", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141106 SEC Consult SA-20141106-0 :: XXE & XSS & Arbitrary File Write vulnerabilities in Symantec Endpoint Protection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/533918/100/0/threaded" - }, - { - "name" : "20141106 SEC Consult SA-20141106-0 :: XXE & XSS & Arbitrary File Write vulnerabilities in Symantec Endpoint Protection", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Nov/7" - }, - { - "name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20141105_00", - "refsource" : "CONFIRM", - "url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20141105_00" - }, - { - "name" : "70843", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70843" - }, - { - "name" : "1031176", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031176" - }, - { - "name" : "symantec-endpoint-cve20143437-info-disc(98525)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98525" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 allows remote attackers to read arbitrary files or send TCP requests to intranet servers via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20141106 SEC Consult SA-20141106-0 :: XXE & XSS & Arbitrary File Write vulnerabilities in Symantec Endpoint Protection", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Nov/7" + }, + { + "name": "symantec-endpoint-cve20143437-info-disc(98525)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98525" + }, + { + "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20141105_00", + "refsource": "CONFIRM", + "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20141105_00" + }, + { + "name": "70843", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70843" + }, + { + "name": "20141106 SEC Consult SA-20141106-0 :: XXE & XSS & Arbitrary File Write vulnerabilities in Symantec Endpoint Protection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/533918/100/0/threaded" + }, + { + "name": "1031176", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031176" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3522.json b/2014/3xxx/CVE-2014-3522.json index 72180d27044..190b7457f30 100644 --- a/2014/3xxx/CVE-2014-3522.json +++ b/2014/3xxx/CVE-2014-3522.json @@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3522", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-3522", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://subversion.apache.org/security/CVE-2014-3522-advisory.txt", - "refsource" : "CONFIRM", - "url" : "https://subversion.apache.org/security/CVE-2014-3522-advisory.txt" - }, - { - "name" : "https://support.apple.com/HT204427", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT204427" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" - }, - { - "name" : "APPLE-SA-2015-03-09-4", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Mar/msg00003.html" - }, - { - "name" : "GLSA-201610-05", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201610-05" - }, - { - "name" : "openSUSE-SU-2014:1059", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-08/msg00038.html" - }, - { - "name" : "USN-2316-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2316-1" - }, - { - "name" : "69237", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69237" - }, - { - "name" : "109996", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/109996" - }, - { - "name" : "60100", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60100" - }, - { - "name" : "60722", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60722" - }, - { - "name" : "59432", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59432" - }, - { - "name" : "59584", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59584" - }, - { - "name" : "apache-subversion-cve20143528-info-disc(95090)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95090" - }, - { - "name" : "apache-subversion-cve20143522-spoofing(95311)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95311" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "59432", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59432" + }, + { + "name": "USN-2316-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2316-1" + }, + { + "name": "https://support.apple.com/HT204427", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT204427" + }, + { + "name": "109996", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/109996" + }, + { + "name": "APPLE-SA-2015-03-09-4", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00003.html" + }, + { + "name": "apache-subversion-cve20143522-spoofing(95311)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95311" + }, + { + "name": "https://subversion.apache.org/security/CVE-2014-3522-advisory.txt", + "refsource": "CONFIRM", + "url": "https://subversion.apache.org/security/CVE-2014-3522-advisory.txt" + }, + { + "name": "60100", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60100" + }, + { + "name": "60722", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60722" + }, + { + "name": "69237", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69237" + }, + { + "name": "openSUSE-SU-2014:1059", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00038.html" + }, + { + "name": "GLSA-201610-05", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201610-05" + }, + { + "name": "59584", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59584" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" + }, + { + "name": "apache-subversion-cve20143528-info-disc(95090)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95090" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3904.json b/2014/3xxx/CVE-2014-3904.json index 89bda7d4daf..ce858308a81 100644 --- a/2014/3xxx/CVE-2014-3904.json +++ b/2014/3xxx/CVE-2014-3904.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3904", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in lib/admin.php in tenfourzero Shutter 0.1.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2014-3904", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "JVN#48039501", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN48039501/index.html" - }, - { - "name" : "JVNDB-2014-000095", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000095" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in lib/admin.php in tenfourzero Shutter 0.1.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#48039501", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN48039501/index.html" + }, + { + "name": "JVNDB-2014-000095", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000095" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6182.json b/2014/6xxx/CVE-2014-6182.json index d0e8c7ac43b..58b17a67c87 100644 --- a/2014/6xxx/CVE-2014-6182.json +++ b/2014/6xxx/CVE-2014-6182.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6182", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in an export function in the Process Center in IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3 and 8.5.x through 8.5.5 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-6182", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21692540", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21692540" - }, - { - "name" : "JR51234", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1JR51234" - }, - { - "name" : "1031379", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031379" - }, - { - "name" : "ibm-bpm-cve20146182-traversal(98518)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98518" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in an export function in the Process Center in IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3 and 8.5.x through 8.5.5 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1031379", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031379" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21692540", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21692540" + }, + { + "name": "JR51234", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR51234" + }, + { + "name": "ibm-bpm-cve20146182-traversal(98518)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98518" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6516.json b/2014/6xxx/CVE-2014-6516.json index 1b1d0693d09..2e51009a0b0 100644 --- a/2014/6xxx/CVE-2014-6516.json +++ b/2014/6xxx/CVE-2014-6516.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6516", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the JD Edwards EnterpriseOne Tools component in Oracle JD Edwards Products 8.98 allows local users to affect confidentiality, integrity, and availability via vectors related to Installation SEC." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-6516", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" - }, - { - "name" : "70571", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70571" - }, - { - "name" : "1031047", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031047" - }, - { - "name" : "61698", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61698" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the JD Edwards EnterpriseOne Tools component in Oracle JD Edwards Products 8.98 allows local users to affect confidentiality, integrity, and availability via vectors related to Installation SEC." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "70571", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70571" + }, + { + "name": "1031047", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031047" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" + }, + { + "name": "61698", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61698" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6724.json b/2014/6xxx/CVE-2014-6724.json index 3542b436c9e..bfa04c1278c 100644 --- a/2014/6xxx/CVE-2014-6724.json +++ b/2014/6xxx/CVE-2014-6724.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6724", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Soap Making (aka com.tapatalk.soapmakingforumcom) application 3.7.13 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6724", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#709657", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/709657" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Soap Making (aka com.tapatalk.soapmakingforumcom) application 3.7.13 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#709657", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/709657" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6937.json b/2014/6xxx/CVE-2014-6937.json index 50c87b4f130..735cf4c5f3d 100644 --- a/2014/6xxx/CVE-2014-6937.json +++ b/2014/6xxx/CVE-2014-6937.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6937", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The China CITIC Bank Credit Card (aka com.citiccard.mobilebank) application 3.3.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6937", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#907041", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/907041" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The China CITIC Bank Credit Card (aka com.citiccard.mobilebank) application 3.3.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#907041", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/907041" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7257.json b/2014/7xxx/CVE-2014-7257.json index 2e2eccf4d63..eaf3df294db 100644 --- a/2014/7xxx/CVE-2014-7257.json +++ b/2014/7xxx/CVE-2014-7257.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7257", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-7257", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7725.json b/2014/7xxx/CVE-2014-7725.json index 9c49de70fcc..48f6d748293 100644 --- a/2014/7xxx/CVE-2014-7725.json +++ b/2014/7xxx/CVE-2014-7725.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7725", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Rally Albania Live 2014 (aka com.wRallyAlbaniaLIVE2014) application 0.11 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7725", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#399017", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/399017" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Rally Albania Live 2014 (aka com.wRallyAlbaniaLIVE2014) application 0.11 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#399017", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/399017" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7977.json b/2014/7xxx/CVE-2014-7977.json index 9f80aeb3f6c..5e28ee7c869 100644 --- a/2014/7xxx/CVE-2014-7977.json +++ b/2014/7xxx/CVE-2014-7977.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7977", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-7977", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7987.json b/2014/7xxx/CVE-2014-7987.json index ddecc93d1f7..ce54e6e5809 100644 --- a/2014/7xxx/CVE-2014-7987.json +++ b/2014/7xxx/CVE-2014-7987.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7987", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in EspoCRM before 2.6.0 allows remote attackers to inject arbitrary web script or HTML via the desc parameter in an errors action to install/index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-7987", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141029 Multiple vulnerabilities in EspoCRM", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/533844/100/0/threaded" - }, - { - "name" : "http://blog.espocrm.com/news/espocrm-2-6-0-released", - "refsource" : "MISC", - "url" : "http://blog.espocrm.com/news/espocrm-2-6-0-released" - }, - { - "name" : "http://packetstormsecurity.com/files/128888/EspoCRM-2.5.2-XSS-LFI-Access-Control.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/128888/EspoCRM-2.5.2-XSS-LFI-Access-Control.html" - }, - { - "name" : "https://www.htbridge.com/advisory/HTB23238", - "refsource" : "MISC", - "url" : "https://www.htbridge.com/advisory/HTB23238" - }, - { - "name" : "70806", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70806" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in EspoCRM before 2.6.0 allows remote attackers to inject arbitrary web script or HTML via the desc parameter in an errors action to install/index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20141029 Multiple vulnerabilities in EspoCRM", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/533844/100/0/threaded" + }, + { + "name": "http://blog.espocrm.com/news/espocrm-2-6-0-released", + "refsource": "MISC", + "url": "http://blog.espocrm.com/news/espocrm-2-6-0-released" + }, + { + "name": "http://packetstormsecurity.com/files/128888/EspoCRM-2.5.2-XSS-LFI-Access-Control.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/128888/EspoCRM-2.5.2-XSS-LFI-Access-Control.html" + }, + { + "name": "70806", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70806" + }, + { + "name": "https://www.htbridge.com/advisory/HTB23238", + "refsource": "MISC", + "url": "https://www.htbridge.com/advisory/HTB23238" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2039.json b/2016/2xxx/CVE-2016-2039.json index 7452c2550fb..0efee315026 100644 --- a/2016/2xxx/CVE-2016-2039.json +++ b/2016/2xxx/CVE-2016-2039.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2039", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass intended access restrictions by predicting a value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2039", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.phpmyadmin.net/home_page/security/PMASA-2016-2.php", - "refsource" : "CONFIRM", - "url" : "http://www.phpmyadmin.net/home_page/security/PMASA-2016-2.php" - }, - { - "name" : "https://github.com/phpmyadmin/phpmyadmin/commit/cb7748ac9cffcd1cd0f3081499cd4aafa9d1065e", - "refsource" : "CONFIRM", - "url" : "https://github.com/phpmyadmin/phpmyadmin/commit/cb7748ac9cffcd1cd0f3081499cd4aafa9d1065e" - }, - { - "name" : "https://github.com/phpmyadmin/phpmyadmin/commit/f20970d32c3dfdf82aef7b6c244da1f769043813", - "refsource" : "CONFIRM", - "url" : "https://github.com/phpmyadmin/phpmyadmin/commit/f20970d32c3dfdf82aef7b6c244da1f769043813" - }, - { - "name" : "DSA-3627", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3627" - }, - { - "name" : "FEDORA-2016-e1fe01e96e", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176483.html" - }, - { - "name" : "FEDORA-2016-e55278763e", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176739.html" - }, - { - "name" : "openSUSE-SU-2016:0357", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-02/msg00028.html" - }, - { - "name" : "openSUSE-SU-2016:0378", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-02/msg00049.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not properly generate CSRF token values, which allows remote attackers to bypass intended access restrictions by predicting a value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/phpmyadmin/phpmyadmin/commit/f20970d32c3dfdf82aef7b6c244da1f769043813", + "refsource": "CONFIRM", + "url": "https://github.com/phpmyadmin/phpmyadmin/commit/f20970d32c3dfdf82aef7b6c244da1f769043813" + }, + { + "name": "openSUSE-SU-2016:0378", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00049.html" + }, + { + "name": "DSA-3627", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3627" + }, + { + "name": "openSUSE-SU-2016:0357", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00028.html" + }, + { + "name": "FEDORA-2016-e55278763e", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176739.html" + }, + { + "name": "FEDORA-2016-e1fe01e96e", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176483.html" + }, + { + "name": "http://www.phpmyadmin.net/home_page/security/PMASA-2016-2.php", + "refsource": "CONFIRM", + "url": "http://www.phpmyadmin.net/home_page/security/PMASA-2016-2.php" + }, + { + "name": "https://github.com/phpmyadmin/phpmyadmin/commit/cb7748ac9cffcd1cd0f3081499cd4aafa9d1065e", + "refsource": "CONFIRM", + "url": "https://github.com/phpmyadmin/phpmyadmin/commit/cb7748ac9cffcd1cd0f3081499cd4aafa9d1065e" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2099.json b/2016/2xxx/CVE-2016-2099.json index df7a8abe7ca..525f9e038c0 100644 --- a/2016/2xxx/CVE-2016-2099.json +++ b/2016/2xxx/CVE-2016-2099.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2016-2099", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 3.1.3 and earlier allows context-dependent attackers to have unspecified impact via an invalid character in an XML document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2016-2099", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160509 CVE-2016-2099: use-after-free in Xerces 3.1.3", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/05/09/7" - }, - { - "name" : "https://issues.apache.org/jira/browse/XERCESC-2066", - "refsource" : "CONFIRM", - "url" : "https://issues.apache.org/jira/browse/XERCESC-2066" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" - }, - { - "name" : "DSA-3579", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3579" - }, - { - "name" : "GLSA-201612-46", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201612-46" - }, - { - "name" : "openSUSE-SU-2016:1744", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-07/msg00016.html" - }, - { - "name" : "openSUSE-SU-2016:2232", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-09/msg00013.html" - }, - { - "name" : "openSUSE-SU-2016:1808", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-07/msg00053.html" - }, - { - "name" : "90502", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/90502" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 3.1.3 and earlier allows context-dependent attackers to have unspecified impact via an invalid character in an XML document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-3579", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3579" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" + }, + { + "name": "https://issues.apache.org/jira/browse/XERCESC-2066", + "refsource": "CONFIRM", + "url": "https://issues.apache.org/jira/browse/XERCESC-2066" + }, + { + "name": "90502", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/90502" + }, + { + "name": "GLSA-201612-46", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201612-46" + }, + { + "name": "openSUSE-SU-2016:1744", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00016.html" + }, + { + "name": "openSUSE-SU-2016:2232", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00013.html" + }, + { + "name": "[oss-security] 20160509 CVE-2016-2099: use-after-free in Xerces 3.1.3", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/05/09/7" + }, + { + "name": "openSUSE-SU-2016:1808", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00053.html" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2300.json b/2016/2xxx/CVE-2016-2300.json index 990794449d4..a5096a82fd0 100644 --- a/2016/2xxx/CVE-2016-2300.json +++ b/2016/2xxx/CVE-2016-2300.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2300", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Ecava IntegraXor before 5.0 build 4522 allows remote attackers to bypass authentication and access unspecified web pages via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2016-2300", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Ecava IntegraXor before 5.0 build 4522 allows remote attackers to bypass authentication and access unspecified web pages via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2987.json b/2016/2xxx/CVE-2016-2987.json index 808d52105aa..1ef123a9779 100644 --- a/2016/2xxx/CVE-2016-2987.json +++ b/2016/2xxx/CVE-2016-2987.json @@ -1,115 +1,115 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2016-2987", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Rational Collaborative Lifecycle Management", - "version" : { - "version_data" : [ - { - "version_value" : "3.0.1" - }, - { - "version_value" : "4.0" - }, - { - "version_value" : "3.0.1.6" - }, - { - "version_value" : "4.0.1" - }, - { - "version_value" : "4.0.2" - }, - { - "version_value" : "4.0.3" - }, - { - "version_value" : "4.0.4" - }, - { - "version_value" : "4.0.5" - }, - { - "version_value" : "4.0.6" - }, - { - "version_value" : "5.0" - }, - { - "version_value" : "4.0.7" - }, - { - "version_value" : "5.0.1" - }, - { - "version_value" : "5.0.2" - }, - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "6.0.2" - }, - { - "version_value" : "6.0.3" - } - ] - } - } - ] - }, - "vendor_name" : "IBM Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An undisclosed vulnerability in CLM applications may result in some administrative deployment parameters being shown to an attacker." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-2987", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Rational Collaborative Lifecycle Management", + "version": { + "version_data": [ + { + "version_value": "3.0.1" + }, + { + "version_value": "4.0" + }, + { + "version_value": "3.0.1.6" + }, + { + "version_value": "4.0.1" + }, + { + "version_value": "4.0.2" + }, + { + "version_value": "4.0.3" + }, + { + "version_value": "4.0.4" + }, + { + "version_value": "4.0.5" + }, + { + "version_value": "4.0.6" + }, + { + "version_value": "5.0" + }, + { + "version_value": "4.0.7" + }, + { + "version_value": "5.0.1" + }, + { + "version_value": "5.0.2" + }, + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "6.0.2" + }, + { + "version_value": "6.0.3" + } + ] + } + } + ] + }, + "vendor_name": "IBM Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/docview.wss?uid=swg21996097", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/docview.wss?uid=swg21996097" - }, - { - "name" : "95109", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95109" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An undisclosed vulnerability in CLM applications may result in some administrative deployment parameters being shown to an attacker." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95109", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95109" + }, + { + "name": "https://www.ibm.com/support/docview.wss?uid=swg21996097", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/docview.wss?uid=swg21996097" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18132.json b/2017/18xxx/CVE-2017-18132.json index f1e048accb9..1583cdc23ff 100644 --- a/2017/18xxx/CVE-2017-18132.json +++ b/2017/18xxx/CVE-2017-18132.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-04-02T00:00:00", - "ID" : "CVE-2017-18132", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Automobile, Snapdragon Mobile", - "version" : { - "version_data" : [ - { - "version_value" : "MDM9206, MDM9607, MDM8996" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile and Snapdragon Mobile MDM9206, MDM9607, MDM8996, an out-of-bounds access can potentially occur in tz_assign()." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Buffer Over-read in Core" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-04-02T00:00:00", + "ID": "CVE-2017-18132", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Automobile, Snapdragon Mobile", + "version": { + "version_data": [ + { + "version_value": "MDM9206, MDM9607, MDM8996" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-04-01" - }, - { - "name" : "103671", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103671" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile and Snapdragon Mobile MDM9206, MDM9607, MDM8996, an out-of-bounds access can potentially occur in tz_assign()." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Over-read in Core" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2018-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-04-01" + }, + { + "name": "103671", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103671" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1006.json b/2017/1xxx/CVE-2017-1006.json index 0a1fded0941..5bb7d7a7f5c 100644 --- a/2017/1xxx/CVE-2017-1006.json +++ b/2017/1xxx/CVE-2017-1006.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1006", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1006", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1251.json b/2017/1xxx/CVE-2017-1251.json index 5492ea790cc..83bb813b27e 100644 --- a/2017/1xxx/CVE-2017-1251.json +++ b/2017/1xxx/CVE-2017-1251.json @@ -1,113 +1,113 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2017-11-16T00:00:00", - "ID" : "CVE-2017-1251", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Rational Collaborative Lifecycle Management", - "version" : { - "version_data" : [ - { - "version_value" : "4.0" - }, - { - "version_value" : "4.0.1" - }, - { - "version_value" : "4.0.2" - }, - { - "version_value" : "4.0.3" - }, - { - "version_value" : "4.0.4" - }, - { - "version_value" : "4.0.5" - }, - { - "version_value" : "4.0.6" - }, - { - "version_value" : "5.0" - }, - { - "version_value" : "4.0.7" - }, - { - "version_value" : "5.0.1" - }, - { - "version_value" : "5.0.2" - }, - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "6.0.2" - }, - { - "version_value" : "6.0.3" - }, - { - "version_value" : "6.0.4" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An undisclosed vulnerability in CLM applications may result in some administrative deployment parameters being shown to an attacker. IBM X-Force ID: 124631." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2017-11-16T00:00:00", + "ID": "CVE-2017-1251", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Rational Collaborative Lifecycle Management", + "version": { + "version_data": [ + { + "version_value": "4.0" + }, + { + "version_value": "4.0.1" + }, + { + "version_value": "4.0.2" + }, + { + "version_value": "4.0.3" + }, + { + "version_value": "4.0.4" + }, + { + "version_value": "4.0.5" + }, + { + "version_value": "4.0.6" + }, + { + "version_value": "5.0" + }, + { + "version_value": "4.0.7" + }, + { + "version_value": "5.0.1" + }, + { + "version_value": "5.0.2" + }, + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "6.0.2" + }, + { + "version_value": "6.0.3" + }, + { + "version_value": "6.0.4" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/124631", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/124631" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22010682", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22010682" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An undisclosed vulnerability in CLM applications may result in some administrative deployment parameters being shown to an attacker. IBM X-Force ID: 124631." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22010682", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22010682" + }, + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124631", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124631" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1275.json b/2017/1xxx/CVE-2017-1275.json index 84c64cf4758..7d0d14defda 100644 --- a/2017/1xxx/CVE-2017-1275.json +++ b/2017/1xxx/CVE-2017-1275.json @@ -1,146 +1,146 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-06-28T00:00:00", - "ID" : "CVE-2017-1275", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Rational Collaborative Lifecycle Management", - "version" : { - "version_data" : [ - { - "version_value" : "5.0" - }, - { - "version_value" : "5.0.1" - }, - { - "version_value" : "5.0.2" - }, - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "6.0.2" - }, - { - "version_value" : "6.0.3" - }, - { - "version_value" : "6.0.4" - }, - { - "version_value" : "6.0.5" - } - ] - } - }, - { - "product_name" : "Rational Quality Manager", - "version" : { - "version_data" : [ - { - "version_value" : "5.0" - }, - { - "version_value" : "5.0.1" - }, - { - "version_value" : "5.0.2" - }, - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "6.0.2" - }, - { - "version_value" : "6.0.3" - }, - { - "version_value" : "6.0.4" - }, - { - "version_value" : "6.0.5" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124750." - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "N", - "AC" : "L", - "AV" : "N", - "C" : "L", - "I" : "L", - "PR" : "L", - "S" : "C", - "SCORE" : "5.400", - "UI" : "R" - }, - "TM" : { - "E" : "H", - "RC" : "C", - "RL" : "O" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-06-28T00:00:00", + "ID": "CVE-2017-1275", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Rational Collaborative Lifecycle Management", + "version": { + "version_data": [ + { + "version_value": "5.0" + }, + { + "version_value": "5.0.1" + }, + { + "version_value": "5.0.2" + }, + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "6.0.2" + }, + { + "version_value": "6.0.3" + }, + { + "version_value": "6.0.4" + }, + { + "version_value": "6.0.5" + } + ] + } + }, + { + "product_name": "Rational Quality Manager", + "version": { + "version_data": [ + { + "version_value": "5.0" + }, + { + "version_value": "5.0.1" + }, + { + "version_value": "5.0.2" + }, + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "6.0.2" + }, + { + "version_value": "6.0.3" + }, + { + "version_value": "6.0.4" + }, + { + "version_value": "6.0.5" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www-prd-trops.events.ibm.com/node/715749", - "refsource" : "CONFIRM", - "url" : "https://www-prd-trops.events.ibm.com/node/715749" - }, - { - "name" : "ibm-rqm-cve20171275-xss(124750)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/124750" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124750." + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "N", + "AC": "L", + "AV": "N", + "C": "L", + "I": "L", + "PR": "L", + "S": "C", + "SCORE": "5.400", + "UI": "R" + }, + "TM": { + "E": "H", + "RC": "C", + "RL": "O" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-rqm-cve20171275-xss(124750)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124750" + }, + { + "name": "https://www-prd-trops.events.ibm.com/node/715749", + "refsource": "CONFIRM", + "url": "https://www-prd-trops.events.ibm.com/node/715749" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1452.json b/2017/1xxx/CVE-2017-1452.json index f29d6584079..6e97509cb3d 100644 --- a/2017/1xxx/CVE-2017-1452.json +++ b/2017/1xxx/CVE-2017-1452.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2017-09-07T00:00:00", - "ID" : "CVE-2017-1452", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "DB2 for Linux, UNIX and Windows", - "version" : { - "version_data" : [ - { - "version_value" : "10.5" - }, - { - "version_value" : "10.1" - }, - { - "version_value" : "9.7" - }, - { - "version_value" : "11.1" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM DB2 for Linux, UNIX and Windows 9.7, 10,1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user to obtain elevated privilege and overwrite DB2 files. IBM X-Force ID: 128180." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Privileges" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2017-09-07T00:00:00", + "ID": "CVE-2017-1452", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "DB2 for Linux, UNIX and Windows", + "version": { + "version_data": [ + { + "version_value": "10.5" + }, + { + "version_value": "10.1" + }, + { + "version_value": "9.7" + }, + { + "version_value": "11.1" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/128180", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/128180" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22006109", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22006109" - }, - { - "name" : "100698", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100698" - }, - { - "name" : "1039299", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039299" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM DB2 for Linux, UNIX and Windows 9.7, 10,1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user to obtain elevated privilege and overwrite DB2 files. IBM X-Force ID: 128180." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Gain Privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128180", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128180" + }, + { + "name": "100698", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100698" + }, + { + "name": "1039299", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039299" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22006109", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22006109" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5081.json b/2017/5xxx/CVE-2017-5081.json index 80e147ee482..0919548413b 100644 --- a/2017/5xxx/CVE-2017-5081.json +++ b/2017/5xxx/CVE-2017-5081.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-5081", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Google Chrome prior to 59.0.3071.86 for Mac, Windows and Linux, and 59.0.3071.92 for Android", - "version" : { - "version_data" : [ - { - "version_value" : "Google Chrome prior to 59.0.3071.86 for Mac, Windows and Linux, and 59.0.3071.92 for Android" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Lack of verification of an extension's locale folder in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed an attacker with local write access to modify extensions by modifying extension files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Inappropriate implementation" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2017-5081", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Google Chrome prior to 59.0.3071.86 for Mac, Windows and Linux, and 59.0.3071.92 for Android", + "version": { + "version_data": [ + { + "version_value": "Google Chrome prior to 59.0.3071.86 for Mac, Windows and Linux, and 59.0.3071.92 for Android" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html", - "refsource" : "MISC", - "url" : "https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html" - }, - { - "name" : "https://crbug.com/672008", - "refsource" : "MISC", - "url" : "https://crbug.com/672008" - }, - { - "name" : "GLSA-201706-20", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201706-20" - }, - { - "name" : "RHSA-2017:1399", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1399" - }, - { - "name" : "98861", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98861" - }, - { - "name" : "1038622", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038622" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Lack of verification of an extension's locale folder in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed an attacker with local write access to modify extensions by modifying extension files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Inappropriate implementation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "98861", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98861" + }, + { + "name": "RHSA-2017:1399", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1399" + }, + { + "name": "https://crbug.com/672008", + "refsource": "MISC", + "url": "https://crbug.com/672008" + }, + { + "name": "1038622", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038622" + }, + { + "name": "GLSA-201706-20", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201706-20" + }, + { + "name": "https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html", + "refsource": "MISC", + "url": "https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-desktop.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5095.json b/2017/5xxx/CVE-2017-5095.json index f266ef74d69..dd0afbbc818 100644 --- a/2017/5xxx/CVE-2017-5095.json +++ b/2017/5xxx/CVE-2017-5095.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-5095", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Google Chrome prior to 60.0.3112.78 for Linux, Windows and Mac", - "version" : { - "version_data" : [ - { - "version_value" : "Google Chrome prior to 60.0.3112.78 for Linux, Windows and Mac" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack overflow in PDFium in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to potentially exploit stack corruption via a crafted PDF file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Stack overflow" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2017-5095", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Google Chrome prior to 60.0.3112.78 for Linux, Windows and Mac", + "version": { + "version_data": [ + { + "version_value": "Google Chrome prior to 60.0.3112.78 for Linux, Windows and Mac" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html", - "refsource" : "MISC", - "url" : "https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html" - }, - { - "name" : "https://crbug.com/732661", - "refsource" : "MISC", - "url" : "https://crbug.com/732661" - }, - { - "name" : "DSA-3926", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3926" - }, - { - "name" : "GLSA-201709-15", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201709-15" - }, - { - "name" : "RHSA-2017:1833", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1833" - }, - { - "name" : "99950", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99950" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack overflow in PDFium in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to potentially exploit stack corruption via a crafted PDF file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Stack overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201709-15", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201709-15" + }, + { + "name": "DSA-3926", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3926" + }, + { + "name": "https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html", + "refsource": "MISC", + "url": "https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html" + }, + { + "name": "99950", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99950" + }, + { + "name": "RHSA-2017:1833", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1833" + }, + { + "name": "https://crbug.com/732661", + "refsource": "MISC", + "url": "https://crbug.com/732661" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5175.json b/2017/5xxx/CVE-2017-5175.json index e74bf759c2a..715bb008bdc 100644 --- a/2017/5xxx/CVE-2017-5175.json +++ b/2017/5xxx/CVE-2017-5175.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "DATE_PUBLIC" : "2017-02-14T00:00:00", - "ID" : "CVE-2017-5175", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Advantech WebAccess Versions 8.1 and prior.", - "version" : { - "version_data" : [ - { - "version_value" : "Advantech WebAccess Versions 8.1 and prior." - } - ] - } - } - ] - }, - "vendor_name" : "ICS-CERT" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Advantech WebAccess 8.1 and earlier contains a DLL hijacking vulnerability which may allow an attacker to run a malicious DLL file within the search path resulting in execution of arbitrary code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "UNCONTROLLED SEARCH PATH ELEMENT CWE-427" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2017-02-14T00:00:00", + "ID": "CVE-2017-5175", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Advantech WebAccess Versions 8.1 and prior.", + "version": { + "version_data": [ + { + "version_value": "Advantech WebAccess Versions 8.1 and prior." + } + ] + } + } + ] + }, + "vendor_name": "ICS-CERT" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-045-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-045-01" - }, - { - "name" : "96210", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96210" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Advantech WebAccess 8.1 and earlier contains a DLL hijacking vulnerability which may allow an attacker to run a malicious DLL file within the search path resulting in execution of arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "UNCONTROLLED SEARCH PATH ELEMENT CWE-427" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96210", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96210" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-045-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-045-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5659.json b/2017/5xxx/CVE-2017-5659.json index ba3e9e8b8f9..91cdc72be13 100644 --- a/2017/5xxx/CVE-2017-5659.json +++ b/2017/5xxx/CVE-2017-5659.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "ID" : "CVE-2017-5659", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache Traffic Server", - "version" : { - "version_data" : [ - { - "version_value" : "All versions prior to version 6.2.1" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apache Traffic Server before 6.2.1 generates a coredump when there is a mismatch between content length and chunked encoding." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "DoS attack" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "ID": "CVE-2017-5659", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache Traffic Server", + "version": { + "version_data": [ + { + "version_value": "All versions prior to version 6.2.1" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://issues.apache.org/jira/browse/TS-4819", - "refsource" : "CONFIRM", - "url" : "https://issues.apache.org/jira/browse/TS-4819" - }, - { - "name" : "97949", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97949" - }, - { - "name" : "1038275", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038275" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apache Traffic Server before 6.2.1 generates a coredump when there is a mismatch between content length and chunked encoding." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "DoS attack" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://issues.apache.org/jira/browse/TS-4819", + "refsource": "CONFIRM", + "url": "https://issues.apache.org/jira/browse/TS-4819" + }, + { + "name": "97949", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97949" + }, + { + "name": "1038275", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038275" + } + ] + } +} \ No newline at end of file