From a885df21550fdcb0c67915a6612bf75afd600191 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Mon, 18 Mar 2019 02:23:24 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2006/2xxx/CVE-2006-2051.json | 160 ++++---- 2006/3xxx/CVE-2006-3025.json | 120 +++--- 2006/3xxx/CVE-2006-3114.json | 190 ++++----- 2006/3xxx/CVE-2006-3149.json | 170 ++++---- 2006/3xxx/CVE-2006-3632.json | 360 ++++++++--------- 2006/3xxx/CVE-2006-3803.json | 710 ++++++++++++++++----------------- 2006/4xxx/CVE-2006-4174.json | 34 +- 2006/4xxx/CVE-2006-4472.json | 160 ++++---- 2006/4xxx/CVE-2006-4751.json | 180 ++++----- 2006/4xxx/CVE-2006-4892.json | 180 ++++----- 2006/6xxx/CVE-2006-6406.json | 240 +++++------ 2006/6xxx/CVE-2006-6470.json | 130 +++--- 2006/6xxx/CVE-2006-6483.json | 190 ++++----- 2006/7xxx/CVE-2006-7096.json | 130 +++--- 2010/2xxx/CVE-2010-2300.json | 180 ++++----- 2010/2xxx/CVE-2010-2419.json | 130 +++--- 2010/2xxx/CVE-2010-2494.json | 310 +++++++------- 2010/2xxx/CVE-2010-2846.json | 160 ++++---- 2011/0xxx/CVE-2011-0054.json | 170 ++++---- 2011/0xxx/CVE-2011-0171.json | 34 +- 2011/0xxx/CVE-2011-0316.json | 180 ++++----- 2011/0xxx/CVE-2011-0396.json | 160 ++++---- 2011/0xxx/CVE-2011-0719.json | 450 ++++++++++----------- 2011/1xxx/CVE-2011-1244.json | 160 ++++---- 2011/1xxx/CVE-2011-1324.json | 130 +++--- 2011/1xxx/CVE-2011-1339.json | 130 +++--- 2011/1xxx/CVE-2011-1366.json | 150 +++---- 2011/1xxx/CVE-2011-1818.json | 180 ++++----- 2011/1xxx/CVE-2011-1939.json | 34 +- 2011/4xxx/CVE-2011-4223.json | 130 +++--- 2011/4xxx/CVE-2011-4586.json | 150 +++---- 2011/5xxx/CVE-2011-5050.json | 150 +++---- 2011/5xxx/CVE-2011-5130.json | 180 ++++----- 2014/2xxx/CVE-2014-2260.json | 160 ++++---- 2014/2xxx/CVE-2014-2584.json | 34 +- 2014/2xxx/CVE-2014-2590.json | 130 +++--- 2014/2xxx/CVE-2014-2668.json | 180 ++++----- 2014/3xxx/CVE-2014-3113.json | 150 +++---- 2014/3xxx/CVE-2014-3412.json | 140 +++---- 2014/3xxx/CVE-2014-3438.json | 170 ++++---- 2014/6xxx/CVE-2014-6361.json | 120 +++--- 2014/6xxx/CVE-2014-6368.json | 120 +++--- 2014/6xxx/CVE-2014-6437.json | 140 +++---- 
2014/6xxx/CVE-2014-6888.json | 140 +++---- 2014/6xxx/CVE-2014-6946.json | 140 +++---- 2014/7xxx/CVE-2014-7113.json | 140 +++---- 2014/7xxx/CVE-2014-7333.json | 140 +++---- 2014/7xxx/CVE-2014-7705.json | 140 +++---- 2014/7xxx/CVE-2014-7844.json | 34 +- 2016/2xxx/CVE-2016-2918.json | 34 +- 2017/0xxx/CVE-2017-0350.json | 130 +++--- 2017/0xxx/CVE-2017-0351.json | 130 +++--- 2017/0xxx/CVE-2017-0785.json | 210 +++++----- 2017/0xxx/CVE-2017-0927.json | 142 +++---- 2017/18xxx/CVE-2017-18166.json | 34 +- 2017/1xxx/CVE-2017-1189.json | 150 +++---- 2017/1xxx/CVE-2017-1396.json | 208 +++++----- 2017/1xxx/CVE-2017-1435.json | 34 +- 2017/1xxx/CVE-2017-1712.json | 34 +- 2017/5xxx/CVE-2017-5156.json | 140 +++---- 2017/5xxx/CVE-2017-5200.json | 140 +++---- 2017/5xxx/CVE-2017-5464.json | 274 ++++++------- 2017/5xxx/CVE-2017-5680.json | 34 +- 2017/5xxx/CVE-2017-5948.json | 120 +++--- 64 files changed, 5007 insertions(+), 5007 deletions(-) diff --git a/2006/2xxx/CVE-2006-2051.json b/2006/2xxx/CVE-2006-2051.json index 19ceb8fe8d9..8be7f519c3c 100644 --- a/2006/2xxx/CVE-2006-2051.json +++ b/2006/2xxx/CVE-2006-2051.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2051", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in myadmin/index.php in NextAge Shopping Cart allow remote attackers to inject arbitrary web script or HTML via the (1) username and (2) password parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2051", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060425 NextAge Shopping Cart Software XSS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/431983/100/0/threaded" - }, - { - "name" : "http://www.aria-security.net/advisory/nextage/nextageshoppingcart.txt", - "refsource" : "MISC", - "url" : "http://www.aria-security.net/advisory/nextage/nextageshoppingcart.txt" - }, - { - "name" : "17685", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17685" - }, - { - "name" : "791", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/791" - }, - { - "name" : "nextageshoppingcart-index-xss(26065)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26065" - } - ] 
- } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in myadmin/index.php in NextAge Shopping Cart allow remote attackers to inject arbitrary web script or HTML via the (1) username and (2) password parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "nextageshoppingcart-index-xss(26065)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26065" + }, + { + "name": "20060425 NextAge Shopping Cart Software XSS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/431983/100/0/threaded" + }, + { + "name": "17685", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17685" + }, + { + "name": "http://www.aria-security.net/advisory/nextage/nextageshoppingcart.txt", + "refsource": "MISC", + "url": "http://www.aria-security.net/advisory/nextage/nextageshoppingcart.txt" + }, + { + "name": "791", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/791" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3025.json b/2006/3xxx/CVE-2006-3025.json index dddca7f7430..8693986ab8c 100644 --- a/2006/3xxx/CVE-2006-3025.json +++ b/2006/3xxx/CVE-2006-3025.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3025", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Cal.PHP3 in Chris Lea Lucid Calendar 0.22 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. NOTE: the provenance of this information is unknown; the details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3025", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "18351", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18351" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Cal.PHP3 in Chris Lea Lucid Calendar 0.22 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. NOTE: the provenance of this information is unknown; the details are obtained from third party information." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18351", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18351" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3114.json b/2006/3xxx/CVE-2006-3114.json index 7669375fa7b..05d0205bd33 100644 --- a/2006/3xxx/CVE-2006-3114.json +++ b/2006/3xxx/CVE-2006-3114.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3114", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PC Tools AntiVirus 2.1.0.51 uses insecure default permissions on the \"PC Tools AntiVirus\" directory, which allows local users to gain privileges and execute commands." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2006-3114", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060803 Secunia Research: PC Tools AntiVirus Insecure Default DirectoryPermissions", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/442102/100/0/threaded" - }, - { - "name" : "http://secunia.com/secunia_research/2006-51/advisory/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2006-51/advisory/" - }, - { - "name" : "19322", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19322" - }, - { - "name" : "ADV-2006-3134", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3134" - }, - { - "name" : "1016634", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016634" - }, - { - "name" : "21075", - "refsource" : 
"SECUNIA", - "url" : "http://secunia.com/advisories/21075" - }, - { - "name" : "1340", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1340" - }, - { - "name" : "pctools-antivirus-directory-gain-privileges(28212)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28212" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PC Tools AntiVirus 2.1.0.51 uses insecure default permissions on the \"PC Tools AntiVirus\" directory, which allows local users to gain privileges and execute commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19322", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19322" + }, + { + "name": "pctools-antivirus-directory-gain-privileges(28212)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28212" + }, + { + "name": "http://secunia.com/secunia_research/2006-51/advisory/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2006-51/advisory/" + }, + { + "name": "ADV-2006-3134", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3134" + }, + { + "name": "20060803 Secunia Research: PC Tools AntiVirus Insecure Default DirectoryPermissions", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/442102/100/0/threaded" + }, + { + "name": "1340", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1340" + }, + { + "name": "1016634", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016634" + }, + { + "name": "21075", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21075" + } + ] + } +} \ No newline at end of file 
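Review bot: The one substantive edit in this hunk, `"ASSIGNER": "PSIRT-CNA@flexerasoftware.com"` replacing `cve@mitre.org` in `CVE_data_meta`, is hard to audit because it arrives together with a whole-file re-indent and a reshuffle of `reference_data` (the same eight entries in a different order). Downstream consumers that attribute or filter records by `ASSIGNER` will see an ownership change that the subject line "-Synchronized-Data." does not mention. Splitting the formatting pass from the data change, or emitting `reference_data` in a stable order, would reduce this hunk to that single line. The same pattern appears in the CVE-2006-3632 and CVE-2006-3803 hunks, where `ASSIGNER` becomes `secalert@redhat.com`.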
diff --git a/2006/3xxx/CVE-2006-3149.json b/2006/3xxx/CVE-2006-3149.json
index 8a62ea3ec3e..80de19870c5 100644
--- a/2006/3xxx/CVE-2006-3149.json
+++ b/2006/3xxx/CVE-2006-3149.json
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3149", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in topic.php in phpMyForum 4.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the highlight parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3149", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2006/06/phpmyforum-413-xss-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2006/06/phpmyforum-413-xss-vuln.html" - }, - { - "name" : "18542", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18542" - }, - { - "name" : "ADV-2006-2437", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2437" - }, - { - "name" : "26678", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26678" - }, - { - "name" : "20678", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20678" - }, - { - "name" : "phpmyforum-topic-xss(27250)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27250" - } - ] - } 
-} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in topic.php in phpMyForum 4.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the highlight parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20678", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20678" + }, + { + "name": "http://pridels0.blogspot.com/2006/06/phpmyforum-413-xss-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2006/06/phpmyforum-413-xss-vuln.html" + }, + { + "name": "26678", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26678" + }, + { + "name": "18542", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18542" + }, + { + "name": "ADV-2006-2437", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2437" + }, + { + "name": "phpmyforum-topic-xss(27250)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27250" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3632.json b/2006/3xxx/CVE-2006-3632.json index a1d252d5375..3b44e92b4fd 100644 --- a/2006/3xxx/CVE-2006-3632.json +++ b/2006/3xxx/CVE-2006-3632.json 
@@ -1,182 +1,182 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3632", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Wireshark (aka Ethereal) 0.8.16 to 0.99.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via the NFS dissector." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2006-3632", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060719 rPSA-2006-0132-1 tshark wireshark", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/440576/100/0/threaded" - }, - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2006-01.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2006-01.html" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-512", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-512" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-197.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-197.htm" - }, - { - "name" : "DSA-1127", - "refsource" : "DEBIAN", - "url" : 
"http://www.debian.org/security/2006/dsa-1127" - }, - { - "name" : "GLSA-200607-09", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200607-09.xml" - }, - { - "name" : "MDKSA-2006:128", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:128" - }, - { - "name" : "RHSA-2006:0602", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2006-0602.html" - }, - { - "name" : "20060801-01-P", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P" - }, - { - "name" : "SUSE-SR:2006:020", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_20_sr.html" - }, - { - "name" : "19051", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19051" - }, - { - "name" : "oval:org.mitre.oval:def:9468", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9468" - }, - { - "name" : "ADV-2006-2850", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2850" - }, - { - "name" : "27371", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27371" - }, - { - "name" : "1016532", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016532" - }, - { - "name" : "21078", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21078" - }, - { - "name" : "21107", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21107" - }, - { - "name" : "21121", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21121" - }, - { - "name" : "21204", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21204" - }, - { - "name" : "21249", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21249" - }, - { - "name" : "21488", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21488" - }, - { - "name" : "21598", - "refsource" : 
"SECUNIA", - "url" : "http://secunia.com/advisories/21598" - }, - { - "name" : "22089", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22089" - }, - { - "name" : "21467", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21467" - }, - { - "name" : "wireshark-nfs-bo(27830)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27830" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Wireshark (aka Ethereal) 0.8.16 to 0.99.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via the NFS dissector." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060801-01-P", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P" + }, + { + "name": "RHSA-2006:0602", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2006-0602.html" + }, + { + "name": "SUSE-SR:2006:020", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_20_sr.html" + }, + { + "name": "27371", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27371" + }, + { + "name": "oval:org.mitre.oval:def:9468", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9468" + }, + { + "name": "wireshark-nfs-bo(27830)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27830" + }, + { + "name": "21121", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21121" + }, + { + "name": "1016532", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016532" + }, + { + "name": "21078", + "refsource": "SECUNIA", + "url": 
"http://secunia.com/advisories/21078" + }, + { + "name": "GLSA-200607-09", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200607-09.xml" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-197.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-197.htm" + }, + { + "name": "21598", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21598" + }, + { + "name": "21467", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21467" + }, + { + "name": "22089", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22089" + }, + { + "name": "21204", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21204" + }, + { + "name": "20060719 rPSA-2006-0132-1 tshark wireshark", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/440576/100/0/threaded" + }, + { + "name": "ADV-2006-2850", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2850" + }, + { + "name": "http://www.wireshark.org/security/wnpa-sec-2006-01.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2006-01.html" + }, + { + "name": "DSA-1127", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1127" + }, + { + "name": "21107", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21107" + }, + { + "name": "21249", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21249" + }, + { + "name": "MDKSA-2006:128", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:128" + }, + { + "name": "21488", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21488" + }, + { + "name": "https://issues.rpath.com/browse/RPL-512", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-512" + }, + { + "name": "19051", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19051" + } 
+ ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3803.json b/2006/3xxx/CVE-2006-3803.json index bf37eb64e02..f10b4d882cb 100644 --- a/2006/3xxx/CVE-2006-3803.json +++ b/2006/3xxx/CVE-2006-3803.json 
@@ -1,357 +1,357 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3803", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in the JavaScript garbage collection in Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code by causing the garbage collector to delete a temporary variable while it is still being used during the creation of a new Function object." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2006-3803", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060727 rPSA-2006-0137-1 firefox", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/441333/100/0/threaded" - }, - { - "name" : "http://www.mozilla.org/security/announce/2006/mfsa2006-48.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2006/mfsa2006-48.html" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-536", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-536" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-537", - "refsource" : "CONFIRM", - "url" : 
"https://issues.rpath.com/browse/RPL-537" - }, - { - "name" : "GLSA-200608-02", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200608-02.xml" - }, - { - "name" : "GLSA-200608-04", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200608-04.xml" - }, - { - "name" : "GLSA-200608-03", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200608-03.xml" - }, - { - "name" : "HPSBUX02153", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/446658/100/200/threaded" - }, - { - "name" : "SSRT061181", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/446658/100/200/threaded" - }, - { - "name" : "HPSBUX02156", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/446657/100/200/threaded" - }, - { - "name" : "SSRT061236", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/446657/100/200/threaded" - }, - { - "name" : "MDKSA-2006:143", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:143" - }, - { - "name" : "MDKSA-2006:145", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:145" - }, - { - "name" : "MDKSA-2006:146", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:146" - }, - { - "name" : "RHSA-2006:0608", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0608.html" - }, - { - "name" : "RHSA-2006:0610", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0610.html" - }, - { - "name" : "RHSA-2006:0611", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0611.html" - }, - { - "name" : "RHSA-2006:0609", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2006-0609.html" - }, - { - "name" : "RHSA-2006:0594", - "refsource" : "REDHAT", - "url" : 
"http://www.redhat.com/support/errata/RHSA-2006-0594.html" - }, - { - "name" : "20060703-01-P", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc" - }, - { - "name" : "SUSE-SA:2006:048", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_48_seamonkey.html" - }, - { - "name" : "USN-327-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/327-1/" - }, - { - "name" : "USN-329-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/329-1/" - }, - { - "name" : "USN-350-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-350-1" - }, - { - "name" : "USN-354-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-354-1" - }, - { - "name" : "TA06-208A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-208A.html" - }, - { - "name" : "VU#265964", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/265964" - }, - { - "name" : "19181", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19181" - }, - { - "name" : "oval:org.mitre.oval:def:10635", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10635" - }, - { - "name" : "ADV-2006-2998", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2998" - }, - { - "name" : "ADV-2006-3748", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3748" - }, - { - "name" : "ADV-2006-3749", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3749" - }, - { - "name" : "ADV-2008-0083", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0083" - }, - { - "name" : "1016586", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016586" - }, - { - "name" : "1016587", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016587" - 
}, - { - "name" : "1016588", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016588" - }, - { - "name" : "19873", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19873" - }, - { - "name" : "21216", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21216" - }, - { - "name" : "21228", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21228" - }, - { - "name" : "21229", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21229" - }, - { - "name" : "21246", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21246" - }, - { - "name" : "21243", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21243" - }, - { - "name" : "21269", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21269" - }, - { - "name" : "21270", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21270" - }, - { - "name" : "21275", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21275" - }, - { - "name" : "21336", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21336" - }, - { - "name" : "21358", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21358" - }, - { - "name" : "21361", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21361" - }, - { - "name" : "21250", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21250" - }, - { - "name" : "21262", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21262" - }, - { - "name" : "21343", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21343" - }, - { - "name" : "21529", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21529" - }, - { - "name" : "21532", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21532" - }, - { - "name" : "21607", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21607" - }, - { - "name" : 
"21631", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21631" - }, - { - "name" : "22055", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22055" - }, - { - "name" : "22210", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22210" - }, - { - "name" : "22065", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22065" - }, - { - "name" : "22066", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22066" - }, - { - "name" : "mozilla-javascript-garbage-race-condition(27984)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27984" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in the JavaScript garbage collection in Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code by causing the garbage collector to delete a temporary variable while it is still being used during the creation of a new Function object." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21243", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21243" + }, + { + "name": "RHSA-2006:0608", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0608.html" + }, + { + "name": "GLSA-200608-02", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200608-02.xml" + }, + { + "name": "MDKSA-2006:145", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:145" + }, + { + "name": "ADV-2006-3748", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3748" + }, + { + "name": "19181", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19181" + }, + { + "name": "TA06-208A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-208A.html" + }, + { + "name": "22055", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22055" + }, + { + "name": "ADV-2006-2998", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2998" + }, + { + "name": "20060727 rPSA-2006-0137-1 firefox", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/441333/100/0/threaded" + }, + { + "name": "21529", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21529" + }, + { + "name": "21216", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21216" + }, + { + "name": "GLSA-200608-03", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200608-03.xml" + }, + { + "name": "RHSA-2006:0594", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0594.html" + }, + { + "name": "21336", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21336" + }, + { + "name": "ADV-2006-3749", + "refsource": 
"VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3749" + }, + { + "name": "RHSA-2006:0610", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0610.html" + }, + { + "name": "1016588", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016588" + }, + { + "name": "USN-329-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/329-1/" + }, + { + "name": "MDKSA-2006:146", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:146" + }, + { + "name": "RHSA-2006:0609", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2006-0609.html" + }, + { + "name": "22210", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22210" + }, + { + "name": "21607", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21607" + }, + { + "name": "1016586", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016586" + }, + { + "name": "19873", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19873" + }, + { + "name": "21262", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21262" + }, + { + "name": "21532", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21532" + }, + { + "name": "21270", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21270" + }, + { + "name": "ADV-2008-0083", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0083" + }, + { + "name": "USN-327-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/327-1/" + }, + { + "name": "21361", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21361" + }, + { + "name": "21631", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21631" + }, + { + "name": "SSRT061181", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/446658/100/200/threaded" + }, + { + "name": "SSRT061236", + "refsource": "HP", + "url": 
"http://www.securityfocus.com/archive/1/446657/100/200/threaded" + }, + { + "name": "21275", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21275" + }, + { + "name": "21246", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21246" + }, + { + "name": "SUSE-SA:2006:048", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_48_seamonkey.html" + }, + { + "name": "21229", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21229" + }, + { + "name": "1016587", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016587" + }, + { + "name": "mozilla-javascript-garbage-race-condition(27984)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27984" + }, + { + "name": "HPSBUX02153", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/446658/100/200/threaded" + }, + { + "name": "RHSA-2006:0611", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0611.html" + }, + { + "name": "21228", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21228" + }, + { + "name": "21250", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21250" + }, + { + "name": "USN-350-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-350-1" + }, + { + "name": "HPSBUX02156", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/446657/100/200/threaded" + }, + { + "name": "21358", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21358" + }, + { + "name": "VU#265964", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/265964" + }, + { + "name": "https://issues.rpath.com/browse/RPL-536", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-536" + }, + { + "name": "https://issues.rpath.com/browse/RPL-537", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-537" + }, + { + "name": "22066", + 
"refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22066" + }, + { + "name": "oval:org.mitre.oval:def:10635", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10635" + }, + { + "name": "21269", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21269" + }, + { + "name": "GLSA-200608-04", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200608-04.xml" + }, + { + "name": "21343", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21343" + }, + { + "name": "http://www.mozilla.org/security/announce/2006/mfsa2006-48.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-48.html" + }, + { + "name": "MDKSA-2006:143", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:143" + }, + { + "name": "22065", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22065" + }, + { + "name": "USN-354-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-354-1" + }, + { + "name": "20060703-01-P", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4174.json b/2006/4xxx/CVE-2006-4174.json index e7045ed9200..93f5ec6c566 100644 --- a/2006/4xxx/CVE-2006-4174.json +++ b/2006/4xxx/CVE-2006-4174.json 
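Review bot: An `ASSIGNER` change from `cve@mitre.org` to `secalert@redhat.com` is buried at the top of the CVE-2006-3803.json hunk, and the commit subject does not mention it. As far as I can see it is the only changed value in this hunk; everything else is the `"key" :` to `"key":` spacing change and a reordering of `reference_data`. Consumers that use `ASSIGNER` to attribute or trust a record need this to be visible, so the content change should be committed separately from the reformatting or at least named in the message, for example `CVE-2006-3803: ASSIGNER cve@mitre.org -> secalert@redhat.com`. The hunk header gives 357 lines on both sides, which is consistent with a pure reorder of the references but does not show that no `name` or `url` was altered. Emitting `reference_data` in a stable order would make that checkable from the diff.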
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4174", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4174", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4472.json b/2006/4xxx/CVE-2006-4472.json index 6c86b93279e..239c15d1abe 100644 --- a/2006/4xxx/CVE-2006-4472.json +++ b/2006/4xxx/CVE-2006-4472.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4472", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in Joomla! before 1.0.11 allow attackers to bypass user authentication via unknown vectors involving the (1) do_pdf command and the (2) emailform com_content task." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4472", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.joomla.org/content/view/1841/78/", - "refsource" : "CONFIRM", - "url" : "http://www.joomla.org/content/view/1841/78/" - }, - { - "name" : "http://www.joomla.org/content/view/1843/74/", - "refsource" : "CONFIRM", - "url" : "http://www.joomla.org/content/view/1843/74/" - }, - { - "name" : "ADV-2006-3408", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3408" - }, - { - "name" : "21666", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21666" - }, - { - "name" : "joomla-dopdf-security-bypass(28632)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28632" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": 
"CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in Joomla! before 1.0.11 allow attackers to bypass user authentication via unknown vectors involving the (1) do_pdf command and the (2) emailform com_content task." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "joomla-dopdf-security-bypass(28632)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28632" + }, + { + "name": "ADV-2006-3408", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3408" + }, + { + "name": "http://www.joomla.org/content/view/1841/78/", + "refsource": "CONFIRM", + "url": "http://www.joomla.org/content/view/1841/78/" + }, + { + "name": "21666", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21666" + }, + { + "name": "http://www.joomla.org/content/view/1843/74/", + "refsource": "CONFIRM", + "url": "http://www.joomla.org/content/view/1843/74/" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4751.json b/2006/4xxx/CVE-2006-4751.json index ec1e1d84b78..f7b6b179eec 100644 --- a/2006/4xxx/CVE-2006-4751.json +++ b/2006/4xxx/CVE-2006-4751.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4751", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in Laurentiu Matei eXpandable Home Page (XHP) CMS 0.5.1 allows remote attackers to inject arbitrary web script or HTML via the errcode parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4751", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060911 XHP CMS v0.5.1 Vuls Xss and Full path vuls", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/445727/100/0/threaded" - }, - { - "name" : "19948", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19948" - }, - { - "name" : "ADV-2006-3560", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3560" - }, - { - "name" : "1016823", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016823" - }, - { - "name" : "21877", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21877" - }, - { - "name" : "1565", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1565" - }, - { - "name" : 
"xhpcms-index-xss(28860)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28860" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in Laurentiu Matei eXpandable Home Page (XHP) CMS 0.5.1 allows remote attackers to inject arbitrary web script or HTML via the errcode parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-3560", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3560" + }, + { + "name": "xhpcms-index-xss(28860)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28860" + }, + { + "name": "19948", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19948" + }, + { + "name": "20060911 XHP CMS v0.5.1 Vuls Xss and Full path vuls", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/445727/100/0/threaded" + }, + { + "name": "21877", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21877" + }, + { + "name": "1016823", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016823" + }, + { + "name": "1565", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1565" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4892.json b/2006/4xxx/CVE-2006-4892.json index b2cfe5fc297..f82829ce50e 100644 --- a/2006/4xxx/CVE-2006-4892.json +++ b/2006/4xxx/CVE-2006-4892.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4892", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in faqview.asp in Techno Dreams FAQ Manager Package 1.0 allows remote attackers to execute arbitrary SQL commands via the key parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4892", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060917 Techno Dreams FAQ Manager Package v1.0(faqview.asp) Remote SQL Injection Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/446259/100/0/threaded" - }, - { - "name" : "2385", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2385" - }, - { - "name" : "20074", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20074" - }, - { - "name" : "ADV-2006-3681", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3681" - }, - { - "name" : "21977", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21977" - }, - { - "name" : "1615", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1615" - }, - { - 
"name" : "technodreams-faqview-sql-injection(28976)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28976" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in faqview.asp in Techno Dreams FAQ Manager Package 1.0 allows remote attackers to execute arbitrary SQL commands via the key parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20074", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20074" + }, + { + "name": "20060917 Techno Dreams FAQ Manager Package v1.0(faqview.asp) Remote SQL Injection Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/446259/100/0/threaded" + }, + { + "name": "technodreams-faqview-sql-injection(28976)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28976" + }, + { + "name": "1615", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1615" + }, + { + "name": "2385", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2385" + }, + { + "name": "ADV-2006-3681", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3681" + }, + { + "name": "21977", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21977" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6406.json b/2006/6xxx/CVE-2006-6406.json index 891dda10e48..5d386a36cb4 100644 --- a/2006/6xxx/CVE-2006-6406.json +++ b/2006/6xxx/CVE-2006-6406.json 
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6406", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Clam AntiVirus (ClamAV) 0.88.6 allows remote attackers to bypass virus detection by inserting invalid characters into base64 encoded content in a multipart/mixed MIME file, as demonstrated with the EICAR test file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6406", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061206 Multiple Vendor Unusual MIME Encoding Content Filter Bypass", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/453654/100/0/threaded" - }, - { - "name" : "http://www.quantenblog.net/security/virus-scanner-bypass", - "refsource" : "MISC", - "url" : "http://www.quantenblog.net/security/virus-scanner-bypass" - }, - { - "name" : "http://kolab.org/security/kolab-vendor-notice-14.txt", - "refsource" : "CONFIRM", - "url" : "http://kolab.org/security/kolab-vendor-notice-14.txt" - }, - { - "name" : "DSA-1238", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1238" - }, - { - "name" : "MDKSA-2006:230", - "refsource" : "MANDRIVA", - "url" : 
"http://www.mandriva.com/security/advisories?name=MDKSA-2006:230" - }, - { - "name" : "SUSE-SA:2006:078", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_78_clamav.html" - }, - { - "name" : "21461", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21461" - }, - { - "name" : "ADV-2006-5113", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/5113" - }, - { - "name" : "ADV-2006-4948", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4948" - }, - { - "name" : "23362", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23362" - }, - { - "name" : "23460", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23460" - }, - { - "name" : "23379", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23379" - }, - { - "name" : "23411", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23411" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Clam AntiVirus (ClamAV) 0.88.6 allows remote attackers to bypass virus detection by inserting invalid characters into base64 encoded content in a multipart/mixed MIME file, as demonstrated with the EICAR test file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21461", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21461" + }, + { + "name": "http://kolab.org/security/kolab-vendor-notice-14.txt", + "refsource": "CONFIRM", + "url": "http://kolab.org/security/kolab-vendor-notice-14.txt" + }, + { + "name": "23460", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23460" + }, + { + "name": "ADV-2006-4948", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4948" + }, + { + "name": "DSA-1238", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1238" + }, + { + "name": "SUSE-SA:2006:078", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_78_clamav.html" + }, + { + "name": "20061206 Multiple Vendor Unusual MIME Encoding Content Filter Bypass", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/453654/100/0/threaded" + }, + { + "name": "23379", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23379" + }, + { + "name": "http://www.quantenblog.net/security/virus-scanner-bypass", + "refsource": "MISC", + "url": "http://www.quantenblog.net/security/virus-scanner-bypass" + }, + { + "name": "MDKSA-2006:230", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:230" + }, + { + "name": "ADV-2006-5113", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/5113" + }, + { + "name": "23411", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23411" + }, + { + "name": "23362", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23362" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6470.json b/2006/6xxx/CVE-2006-6470.json index ee1bbb0ab63..95b28fd8197 100644 
--- a/2006/6xxx/CVE-2006-6470.json +++ b/2006/6xxx/CVE-2006-6470.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6470", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SNMP Agent in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 returns no error for a non-writable object, which has unknown impact and attack vectors. NOTE: due to the vagueness of the advisory, it is not clear whether this is a vulnerability, or a bug in a security feature." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6470", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.xerox.com/downloads/usa/en/c/cert_XRX06_004_v11.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.xerox.com/downloads/usa/en/c/cert_XRX06_004_v11.pdf" - }, - { - "name" : "23265", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23265" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SNMP Agent in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 
returns no error for a non-writable object, which has unknown impact and attack vectors. NOTE: due to the vagueness of the advisory, it is not clear whether this is a vulnerability, or a bug in a security feature." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "23265", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23265" + }, + { + "name": "http://www.xerox.com/downloads/usa/en/c/cert_XRX06_004_v11.pdf", + "refsource": "CONFIRM", + "url": "http://www.xerox.com/downloads/usa/en/c/cert_XRX06_004_v11.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6483.json b/2006/6xxx/CVE-2006-6483.json index 004b47e931a..9b976e38e72 100644 --- a/2006/6xxx/CVE-2006-6483.json +++ b/2006/6xxx/CVE-2006-6483.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6483", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe ColdFusion MX 7.x before 7.0.2 does not properly filter HTML tags when protecting against cross-site scripting (XSS) attacks, which allows remote attackers to inject arbitrary web script or HTML via a NULL byte (%00) in certain HTML tags, as demonstrated using \"%00script\" in a tag." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6483", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061210 [SBDA] - ColdFusion MX7 - Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/454046/100/0/threaded" - }, - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb07-06.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb07-06.html" - }, - { - "name" : "21532", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21532" - }, - { - "name" : "ADV-2006-4949", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4949" - }, - { - "name" : "1017361", - "refsource" : "SECTRACK", - 
"url" : "http://securitytracker.com/id?1017361" - }, - { - "name" : "23281", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23281" - }, - { - "name" : "2021", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2021" - }, - { - "name" : "coldfusion-path-xss(30841)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30841" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe ColdFusion MX 7.x before 7.0.2 does not properly filter HTML tags when protecting against cross-site scripting (XSS) attacks, which allows remote attackers to inject arbitrary web script or HTML via a NULL byte (%00) in certain HTML tags, as demonstrated using \"%00script\" in a tag." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21532", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21532" + }, + { + "name": "1017361", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017361" + }, + { + "name": "23281", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23281" + }, + { + "name": "2021", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2021" + }, + { + "name": "coldfusion-path-xss(30841)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30841" + }, + { + "name": "ADV-2006-4949", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4949" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb07-06.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb07-06.html" + }, + { + "name": "20061210 [SBDA] - ColdFusion MX7 - Multiple Vulnerabilities", + 
"refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/454046/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/7xxx/CVE-2006-7096.json b/2006/7xxx/CVE-2006-7096.json index d4a3a9f63fc..538abaf1aea 100644 --- a/2006/7xxx/CVE-2006-7096.json +++ b/2006/7xxx/CVE-2006-7096.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-7096", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the network_host_handle_join function in host.c in dimension 3 engine (dim3) 1.5 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long nickname." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-7096", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://aluigi.altervista.org/adv/dim3bof-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/dim3bof-adv.txt" - }, - { - "name" : "dim3-networkhosthandlejoin-bo(26085)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26085" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the network_host_handle_join function in host.c in dimension 3 engine (dim3) 1.5 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via 
a long nickname." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://aluigi.altervista.org/adv/dim3bof-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/dim3bof-adv.txt" + }, + { + "name": "dim3-networkhosthandlejoin-bo(26085)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26085" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2300.json b/2010/2xxx/CVE-2010-2300.json index 0ce83d0ee8a..0b324f91854 100644 --- a/2010/2xxx/CVE-2010-2300.json +++ b/2010/2xxx/CVE-2010-2300.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2300", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in the Element::normalizeAttributes function in dom/Element.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to handlers for DOM mutation events, aka rdar problem 7948784. NOTE: this might overlap CVE-2010-1759." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2300", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=43315", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=43315" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2010/06/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2010/06/stable-channel-update.html" - }, - { - "name" : "SUSE-SR:2011:002", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" - }, - { - "name" : 
"oval:org.mitre.oval:def:11357", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11357" - }, - { - "name" : "40072", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40072" - }, - { - "name" : "43068", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43068" - }, - { - "name" : "ADV-2011-0212", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0212" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in the Element::normalizeAttributes function in dom/Element.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to handlers for DOM mutation events, aka rdar problem 7948784. NOTE: this might overlap CVE-2010-1759." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43068", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43068" + }, + { + "name": "ADV-2011-0212", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0212" + }, + { + "name": "40072", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40072" + }, + { + "name": "oval:org.mitre.oval:def:11357", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11357" + }, + { + "name": "SUSE-SR:2011:002", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=43315", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=43315" + }, + { + "name": "http://googlechromereleases.blogspot.com/2010/06/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2010/06/stable-channel-update.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2419.json b/2010/2xxx/CVE-2010-2419.json index 6036e78bb09..10f3108d0d4 100644 --- a/2010/2xxx/CVE-2010-2419.json +++ b/2010/2xxx/CVE-2010-2419.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2419", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Java Virtual Machine component in Oracle Database Server 10.1.0.5, 10.2.0.4, 11.1.0.7, and 11.2.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-2419", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" - }, - { - "name" : "TA10-287A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-287A.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Java Virtual Machine component in Oracle Database Server 10.1.0.5, 10.2.0.4, 11.1.0.7, and 11.2.0.1 allows remote authenticated users to affect confidentiality, 
integrity, and availability via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" + }, + { + "name": "TA10-287A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-287A.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2494.json b/2010/2xxx/CVE-2010-2494.json index 20b11fffac4..74075d97969 100644 --- a/2010/2xxx/CVE-2010-2494.json +++ b/2010/2xxx/CVE-2010-2494.json 
@@ -1,157 +1,157 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2494", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer underflows in the base64 decoder in base64.c in (1) bogofilter and (2) bogolexer in bogofilter before 1.2.2 allow remote attackers to cause a denial of service (heap memory corruption and application crash) via an e-mail message with invalid base64 data that begins with an = (equals) character." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-2494", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20100705 Re: Request CVE ID for bogofilter base64 decoder", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=127831760712436&w=2" - }, - { - "name" : "[oss-security] 20100705 Request CVE ID for bogofilter base64 decoder", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=127814747231102&w=2" - }, - { - "name" : "[oss-security] 20100706 REPOST: CVE request for bogofilter", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=127840569013531&w=2" - }, - { - "name" : "[oss-security] 20100706 Re: Request CVE ID for bogofilter 
base64 decoder", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=127844323105405&w=2" - }, - { - "name" : "http://bogofilter.sourceforge.net/security/bogofilter-SA-2010-01", - "refsource" : "CONFIRM", - "url" : "http://bogofilter.sourceforge.net/security/bogofilter-SA-2010-01" - }, - { - "name" : "http://bogofilter.svn.sourceforge.net/viewvc/bogofilter/trunk/bogofilter/doc/bogofilter-SA-2010-01?revision=6909&pathrev=6909", - "refsource" : "CONFIRM", - "url" : "http://bogofilter.svn.sourceforge.net/viewvc/bogofilter/trunk/bogofilter/doc/bogofilter-SA-2010-01?revision=6909&pathrev=6909" - }, - { - "name" : "http://bogofilter.svn.sourceforge.net/viewvc/bogofilter/trunk/bogofilter/src/base64.c?view=patch&r1=6906&r2=6903", - "refsource" : "CONFIRM", - "url" : "http://bogofilter.svn.sourceforge.net/viewvc/bogofilter/trunk/bogofilter/src/base64.c?view=patch&r1=6906&r2=6903" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=611551", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=611551" - }, - { - "name" : "FEDORA-2010-13139", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046558.html" - }, - { - "name" : "FEDORA-2010-13154", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046590.html" - }, - { - "name" : "SUSE-SR:2010:014", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html" - }, - { - "name" : "openSUSE-SU-2013:0166", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00021.html" - }, - { - "name" : "openSUSE-SU-2012:1648", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00015.html" - }, - { - "name" : "openSUSE-SU-2012:1650", - "refsource" : "SUSE", - "url" : 
"http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00016.html" - }, - { - "name" : "USN-980-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-980-1" - }, - { - "name" : "41339", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/41339" - }, - { - "name" : "66002", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/66002" - }, - { - "name" : "40427", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40427" - }, - { - "name" : "41239", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41239" - }, - { - "name" : "ADV-2010-2233", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2233" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer underflows in the base64 decoder in base64.c in (1) bogofilter and (2) bogolexer in bogofilter before 1.2.2 allow remote attackers to cause a denial of service (heap memory corruption and application crash) via an e-mail message with invalid base64 data that begins with an = (equals) character." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2010-13139", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046558.html" + }, + { + "name": "[oss-security] 20100706 REPOST: CVE request for bogofilter", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=127840569013531&w=2" + }, + { + "name": "40427", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40427" + }, + { + "name": "http://bogofilter.sourceforge.net/security/bogofilter-SA-2010-01", + "refsource": "CONFIRM", + "url": "http://bogofilter.sourceforge.net/security/bogofilter-SA-2010-01" + }, + { + "name": "41239", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41239" + }, + { + "name": "http://bogofilter.svn.sourceforge.net/viewvc/bogofilter/trunk/bogofilter/doc/bogofilter-SA-2010-01?revision=6909&pathrev=6909", + "refsource": "CONFIRM", + "url": "http://bogofilter.svn.sourceforge.net/viewvc/bogofilter/trunk/bogofilter/doc/bogofilter-SA-2010-01?revision=6909&pathrev=6909" + }, + { + "name": "66002", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/66002" + }, + { + "name": "openSUSE-SU-2012:1650", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00016.html" + }, + { + "name": "openSUSE-SU-2012:1648", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00015.html" + }, + { + "name": "[oss-security] 20100706 Re: Request CVE ID for bogofilter base64 decoder", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=127844323105405&w=2" + }, + { + "name": "openSUSE-SU-2013:0166", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00021.html" + }, + { + "name": 
"http://bogofilter.svn.sourceforge.net/viewvc/bogofilter/trunk/bogofilter/src/base64.c?view=patch&r1=6906&r2=6903", + "refsource": "CONFIRM", + "url": "http://bogofilter.svn.sourceforge.net/viewvc/bogofilter/trunk/bogofilter/src/base64.c?view=patch&r1=6906&r2=6903" + }, + { + "name": "ADV-2010-2233", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2233" + }, + { + "name": "41339", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/41339" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=611551", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=611551" + }, + { + "name": "SUSE-SR:2010:014", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html" + }, + { + "name": "FEDORA-2010-13154", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046590.html" + }, + { + "name": "[oss-security] 20100705 Request CVE ID for bogofilter base64 decoder", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=127814747231102&w=2" + }, + { + "name": "USN-980-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-980-1" + }, + { + "name": "[oss-security] 20100705 Re: Request CVE ID for bogofilter base64 decoder", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=127831760712436&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2846.json b/2010/2xxx/CVE-2010-2846.json index 8c81de54d36..275389322fd 100644 --- a/2010/2xxx/CVE-2010-2846.json +++ b/2010/2xxx/CVE-2010-2846.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2846", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the InterJoomla ArtForms (com_artforms) component 2.1b7.2 RC2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the afmsg parameter to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2846", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100707 ArtForms 2.1b7.2 RC2 Joomla Component Multiple Remote Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/512215/100/0/threaded" - }, - { - "name" : "14263", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/14263" - }, - { - "name" : "http://packetstormsecurity.org/1007-exploits/joomlaartforms-sqltraversalxss.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1007-exploits/joomlaartforms-sqltraversalxss.txt" - }, - { - "name" : "41457", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/41457" - }, - { - "name" : "artforms-index-xss(60162)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/60162" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the InterJoomla ArtForms (com_artforms) component 2.1b7.2 RC2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the afmsg parameter to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "41457", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/41457" + }, + { + "name": "20100707 ArtForms 2.1b7.2 RC2 Joomla Component Multiple Remote Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/512215/100/0/threaded" + }, + { + "name": "14263", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/14263" + }, + { + "name": "http://packetstormsecurity.org/1007-exploits/joomlaartforms-sqltraversalxss.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1007-exploits/joomlaartforms-sqltraversalxss.txt" + }, + { + "name": "artforms-index-xss(60162)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60162" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0054.json b/2011/0xxx/CVE-2011-0054.json index 48f36bb8a57..94014fcc4f6 100644 --- a/2011/0xxx/CVE-2011-0054.json +++ b/2011/0xxx/CVE-2011-0054.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0054", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the JavaScript engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might allow remote attackers to execute arbitrary code via vectors involving non-local JavaScript variables, aka an \"upvarMap\" issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0054", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2011/mfsa2011-04.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2011/mfsa2011-04.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=615657", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=615657" - }, - { - "name" : "http://downloads.avaya.com/css/P8/documents/100133195", - "refsource" : "CONFIRM", - "url" : "http://downloads.avaya.com/css/P8/documents/100133195" - }, - { - "name" : "MDVSA-2011:041", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:041" - }, - { - "name" : 
"46648", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46648" - }, - { - "name" : "oval:org.mitre.oval:def:14018", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14018" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the JavaScript engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might allow remote attackers to execute arbitrary code via vectors involving non-local JavaScript variables, aka an \"upvarMap\" issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://downloads.avaya.com/css/P8/documents/100133195", + "refsource": "CONFIRM", + "url": "http://downloads.avaya.com/css/P8/documents/100133195" + }, + { + "name": "http://www.mozilla.org/security/announce/2011/mfsa2011-04.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2011/mfsa2011-04.html" + }, + { + "name": "MDVSA-2011:041", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:041" + }, + { + "name": "46648", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46648" + }, + { + "name": "oval:org.mitre.oval:def:14018", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14018" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=615657", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=615657" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0171.json b/2011/0xxx/CVE-2011-0171.json index 6c2a4b8c93c..9f01333644b 100644 --- a/2011/0xxx/CVE-2011-0171.json 
+++ b/2011/0xxx/CVE-2011-0171.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0171", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0171", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0316.json b/2011/0xxx/CVE-2011-0316.json index c95925505f1..82021cc2efb 100644 --- a/2011/0xxx/CVE-2011-0316.json +++ b/2011/0xxx/CVE-2011-0316.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0316", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Administrative Console component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.15 does not properly restrict access to console servlets, which allows remote attackers to obtain potentially sensitive status information via a direct request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0316", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg27007951", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg27007951" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg27014463", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg27014463" - }, - { - "name" : "PM24372", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PM24372" - }, - { - "name" : "46736", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46736" - }, - { - "name" : "42938", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/42938" - }, - { - "name" : "ADV-2011-0564", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0564" - }, - { - "name" : "was-consoleservlet-info-disclosure(64558)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64558" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Administrative Console component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.15 does not properly restrict access to console servlets, which allows remote attackers to obtain potentially sensitive status information via a direct request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg27007951", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27007951" + }, + { + "name": "PM24372", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM24372" + }, + { + "name": "was-consoleservlet-info-disclosure(64558)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64558" + }, + { + "name": "42938", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42938" + }, + { + "name": "46736", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46736" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg27014463", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27014463" + }, + { + "name": "ADV-2011-0564", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0564" + } + ] + } +} \ No newline at end of file 
diff --git a/2011/0xxx/CVE-2011-0396.json b/2011/0xxx/CVE-2011-0396.json index 5755fc95479..b475b496fbb 100644 --- a/2011/0xxx/CVE-2011-0396.json +++ b/2011/0xxx/CVE-2011-0396.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0396", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.0 before 8.0(5.23), 8.1 before 8.1(2.49), 8.2 before 8.2(4.1), and 8.3 before 8.3(2.13), when a Certificate Authority (CA) is configured, allow remote attackers to read arbitrary files via unspecified vectors, aka Bug ID CSCtk12352." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2011-0396", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110223 Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e14d.shtml" - }, - { - "name" : "1025108", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025108" - }, - { - "name" : "43488", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43488" - }, - { - "name" : "ADV-2011-0493", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0493" - }, - { - "name" : "asa-ca-unauth-access(65591)", - 
"refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65591" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.0 before 8.0(5.23), 8.1 before 8.1(2.49), 8.2 before 8.2(4.1), and 8.3 before 8.3(2.13), when a Certificate Authority (CA) is configured, allow remote attackers to read arbitrary files via unspecified vectors, aka Bug ID CSCtk12352." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20110223 Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e14d.shtml" + }, + { + "name": "1025108", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025108" + }, + { + "name": "asa-ca-unauth-access(65591)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65591" + }, + { + "name": "43488", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43488" + }, + { + "name": "ADV-2011-0493", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0493" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0719.json b/2011/0xxx/CVE-2011-0719.json index f81948e9a41..c962542bd1e 100644 --- a/2011/0xxx/CVE-2011-0719.json +++ b/2011/0xxx/CVE-2011-0719.json 
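Review bot: The `ASSIGNER` value in `CVE_data_meta` changes in this hunk from `"ASSIGNER" : "cve@mitre.org"` to `"ASSIGNER": "psirt@cisco.com"`, but the change is hard to spot because the hunk also rewrites all 82 lines for key spacing and indentation and reorders the `reference_data` entries. The same kind of change sits in the hunks for CVE-2011-0719 (`secalert@redhat.com`), CVE-2011-1244 (`secure@microsoft.com`) and CVE-2011-1324 (`vultures@jpcert.or.jp`), while the other complete hunks visible here (CVE-2010-2846, CVE-2011-0054, CVE-2011-0171, CVE-2011-0316) keep `cve@mitre.org`. Anything downstream that attributes, filters or trusts records by assigner will see these four entries move to a different CNA, so the reassignment deserves an explicit line in the commit message rather than only "-Synchronized-Data.". Landing the re-serialisation separately from field changes, and emitting `reference_data` in a stable order, would let a reviewer confirm that nothing else in the record changed. The new side of each file also ends with `\ No newline at end of file`, so the serializer appears to drop the trailing newline that the old files had.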
@@ -1,227 +1,227 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0719", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Samba 3.x before 3.3.15, 3.4.x before 3.4.12, and 3.5.x before 3.5.7 does not perform range checks for file descriptors before use of the FD_SET macro, which allows remote attackers to cause a denial of service (stack memory corruption, and infinite loop or daemon crash) by opening a large number of files, related to (1) Winbind or (2) smbd." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-0719", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://samba.org/samba/security/CVE-2011-0719.html", - "refsource" : "CONFIRM", - "url" : "http://samba.org/samba/security/CVE-2011-0719.html" - }, - { - "name" : "http://www.samba.org/samba/history/samba-3.3.15.html", - "refsource" : "CONFIRM", - "url" : "http://www.samba.org/samba/history/samba-3.3.15.html" - }, - { - "name" : "http://www.samba.org/samba/history/samba-3.4.12.html", - "refsource" : "CONFIRM", - "url" : "http://www.samba.org/samba/history/samba-3.4.12.html" - }, - { - "name" : "http://www.samba.org/samba/history/samba-3.5.7.html", - "refsource" : 
"CONFIRM", - "url" : "http://www.samba.org/samba/history/samba-3.5.7.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=678328", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=678328" - }, - { - "name" : "http://support.apple.com/kb/HT4723", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4723" - }, - { - "name" : "APPLE-SA-2011-06-23-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html" - }, - { - "name" : "DSA-2175", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2175" - }, - { - "name" : "FEDORA-2011-3118", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056241.html" - }, - { - "name" : "FEDORA-2011-3120", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056229.html" - }, - { - "name" : "HPSBUX02657", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=130835366526620&w=2" - }, - { - "name" : "SSRT100460", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=130835366526620&w=2" - }, - { - "name" : "MDVSA-2011:038", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:038" - }, - { - "name" : "RHSA-2011:0305", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0305.html" - }, - { - "name" : "RHSA-2011:0306", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0306.html" - }, - { - "name" : "SSA:2011-059-01", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.593629" - }, - { - "name" : "USN-1075-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1075-1" - }, - { - "name" : "46597", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46597" - }, 
- { - "name" : "1025132", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025132" - }, - { - "name" : "43512", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43512" - }, - { - "name" : "43482", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43482" - }, - { - "name" : "43503", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43503" - }, - { - "name" : "43517", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43517" - }, - { - "name" : "43556", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43556" - }, - { - "name" : "43557", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43557" - }, - { - "name" : "43843", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43843" - }, - { - "name" : "ADV-2011-0517", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0517" - }, - { - "name" : "ADV-2011-0518", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0518" - }, - { - "name" : "ADV-2011-0519", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0519" - }, - { - "name" : "ADV-2011-0520", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0520" - }, - { - "name" : "ADV-2011-0522", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0522" - }, - { - "name" : "ADV-2011-0541", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0541" - }, - { - "name" : "ADV-2011-0702", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0702" - }, - { - "name" : "samba-fdset-dos(65724)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65724" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "Samba 3.x before 3.3.15, 3.4.x before 3.4.12, and 3.5.x before 3.5.7 does not perform range checks for file descriptors before use of the FD_SET macro, which allows remote attackers to cause a denial of service (stack memory corruption, and infinite loop or daemon crash) by opening a large number of files, related to (1) Winbind or (2) smbd." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBUX02657", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=130835366526620&w=2" + }, + { + "name": "ADV-2011-0522", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0522" + }, + { + "name": "SSA:2011-059-01", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.593629" + }, + { + "name": "1025132", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025132" + }, + { + "name": "http://support.apple.com/kb/HT4723", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4723" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=678328", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=678328" + }, + { + "name": "RHSA-2011:0306", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0306.html" + }, + { + "name": "DSA-2175", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2175" + }, + { + "name": "46597", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46597" + }, + { + "name": "ADV-2011-0541", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0541" + }, + { + "name": "ADV-2011-0517", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0517" + }, + { + "name": "ADV-2011-0702", + "refsource": "VUPEN", + 
"url": "http://www.vupen.com/english/advisories/2011/0702" + }, + { + "name": "APPLE-SA-2011-06-23-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html" + }, + { + "name": "http://www.samba.org/samba/history/samba-3.4.12.html", + "refsource": "CONFIRM", + "url": "http://www.samba.org/samba/history/samba-3.4.12.html" + }, + { + "name": "SSRT100460", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=130835366526620&w=2" + }, + { + "name": "ADV-2011-0518", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0518" + }, + { + "name": "FEDORA-2011-3118", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056241.html" + }, + { + "name": "43517", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43517" + }, + { + "name": "43557", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43557" + }, + { + "name": "43556", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43556" + }, + { + "name": "43512", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43512" + }, + { + "name": "USN-1075-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1075-1" + }, + { + "name": "ADV-2011-0519", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0519" + }, + { + "name": "http://samba.org/samba/security/CVE-2011-0719.html", + "refsource": "CONFIRM", + "url": "http://samba.org/samba/security/CVE-2011-0719.html" + }, + { + "name": "ADV-2011-0520", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0520" + }, + { + "name": "FEDORA-2011-3120", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056229.html" + }, + { + "name": "43503", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43503" + }, + { + "name": "samba-fdset-dos(65724)", + "refsource": 
"XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65724" + }, + { + "name": "RHSA-2011:0305", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0305.html" + }, + { + "name": "http://www.samba.org/samba/history/samba-3.5.7.html", + "refsource": "CONFIRM", + "url": "http://www.samba.org/samba/history/samba-3.5.7.html" + }, + { + "name": "43482", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43482" + }, + { + "name": "43843", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43843" + }, + { + "name": "MDVSA-2011:038", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:038" + }, + { + "name": "http://www.samba.org/samba/history/samba-3.3.15.html", + "refsource": "CONFIRM", + "url": "http://www.samba.org/samba/history/samba-3.3.15.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1244.json b/2011/1xxx/CVE-2011-1244.json index abbdda0a56f..4ead6e9ebbc 100644 --- a/2011/1xxx/CVE-2011-1244.json +++ b/2011/1xxx/CVE-2011-1244.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1244", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 6, 7, and 8 does not enforce intended domain restrictions on content access, which allows remote attackers to obtain sensitive information or conduct clickjacking attacks via a crafted web site, aka \"Frame Tag Information Disclosure Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2011-1244", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS11-018", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-018" - }, - { - "name" : "47191", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47191" - }, - { - "name" : "71777", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/71777" - }, - { - "name" : "oval:org.mitre.oval:def:11926", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11926" - }, - { - "name" : "1025327", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025327" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 6, 7, and 8 does not enforce intended domain restrictions on content access, which allows remote attackers to obtain sensitive information or conduct clickjacking attacks via a crafted web site, aka \"Frame Tag Information Disclosure Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "71777", + "refsource": "OSVDB", + "url": "http://osvdb.org/71777" + }, + { + "name": "47191", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47191" + }, + { + "name": "1025327", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025327" + }, + { + "name": "MS11-018", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-018" + }, + { + "name": "oval:org.mitre.oval:def:11926", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11926" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1324.json b/2011/1xxx/CVE-2011-1324.json index e1c8b5d16d4..1d93b53d668 100644 --- a/2011/1xxx/CVE-2011-1324.json +++ b/2011/1xxx/CVE-2011-1324.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1324", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in the management screen on Buffalo WHR, WZR2, WZR, WER, and BBR series routers with firmware 1.x; BHR-4RV and FS-G54 routers with firmware 2.x; and AS-100 routers allow remote attackers to hijack the authentication of administrators for requests that modify settings, as demonstrated by changing the login password." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2011-1324", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://buffalo.jp/support_s/20080808/csrf.html", - "refsource" : "CONFIRM", - "url" : "http://buffalo.jp/support_s/20080808/csrf.html" - }, - { - "name" : "JVN#50505257", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN50505257/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the management screen on Buffalo WHR, WZR2, WZR, WER, and 
BBR series routers with firmware 1.x; BHR-4RV and FS-G54 routers with firmware 2.x; and AS-100 routers allow remote attackers to hijack the authentication of administrators for requests that modify settings, as demonstrated by changing the login password." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#50505257", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN50505257/index.html" + }, + { + "name": "http://buffalo.jp/support_s/20080808/csrf.html", + "refsource": "CONFIRM", + "url": "http://buffalo.jp/support_s/20080808/csrf.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1339.json b/2011/1xxx/CVE-2011-1339.json index f60798e5afd..bc76655f7ff 100644 --- a/2011/1xxx/CVE-2011-1339.json +++ b/2011/1xxx/CVE-2011-1339.json 
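Review bot: The `affects` block on the new side still carries `"vendor_name": "n/a"`, `"product_name": "n/a"` and `"version_value": "n/a"`, although the description names Buffalo WHR, WZR2, WZR, WER and BBR series routers with firmware 1.x. Tooling that matches on the structured fields will therefore not associate this record with the product and has to parse the free-text `value` instead. If this sync is meant to enrich records (it does update `ASSIGNER`), the vendor could be filled from the description, e.g. `"vendor_name": "Buffalo"`, with one `product_data` entry per router series. The same placeholders remain in the other PUBLIC records visible here: CVE-2011-1244, CVE-2011-1339, CVE-2011-1366, CVE-2011-1818, CVE-2011-4223, CVE-2011-4586, CVE-2011-5050, CVE-2011-5130, CVE-2014-2260 and CVE-2014-2590.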
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1339", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Google Search Appliance before 5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2011-1339", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "JVN#86220950", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN86220950/index.html" - }, - { - "name" : "JVNDB-2011-000054", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000054" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Google Search Appliance before 5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#86220950", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN86220950/index.html" + }, + { + "name": "JVNDB-2011-000054", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000054" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1366.json b/2011/1xxx/CVE-2011-1366.json index c74c5405fee..626adeb02d6 100644 --- a/2011/1xxx/CVE-2011-1366.json +++ b/2011/1xxx/CVE-2011-1366.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1366", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Import feature in IBM Rational AppScan Enterprise and AppScan Reporting Console 5.2 through 7.9.x and 8.x before 8.0.1.1 allows remote attackers to execute arbitrary commands on an agent server via a crafted ZIP archive." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1366", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21515110", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21515110" - }, - { - "name" : "46326", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46326" - }, - { - "name" : "46329", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46329" - }, - { - "name" : "rational-appscan-zip-code-execution(70043)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/70043" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "Unspecified vulnerability in the Import feature in IBM Rational AppScan Enterprise and AppScan Reporting Console 5.2 through 7.9.x and 8.x before 8.0.1.1 allows remote attackers to execute arbitrary commands on an agent server via a crafted ZIP archive." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "rational-appscan-zip-code-execution(70043)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70043" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21515110", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21515110" + }, + { + "name": "46329", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46329" + }, + { + "name": "46326", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46326" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1818.json b/2011/1xxx/CVE-2011-1818.json index 5a236acfcd1..de4c226db36 100644 --- a/2011/1xxx/CVE-2011-1818.json +++ b/2011/1xxx/CVE-2011-1818.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1818", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in the image loader in Google Chrome before 12.0.742.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2011-1818", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=81949", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=81949" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2011/06/chrome-stable-release.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2011/06/chrome-stable-release.html" - }, - { - "name" : "48129", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/48129" - }, - { - "name" : "72788", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/72788" - }, - { - "name" : "oval:org.mitre.oval:def:14757", - "refsource" : "OVAL", - "url" : 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14757" - }, - { - "name" : "44829", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44829" - }, - { - "name" : "chrome-image-loader-code-execution(67901)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67901" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in the image loader in Google Chrome before 12.0.742.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "chrome-image-loader-code-execution(67901)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67901" + }, + { + "name": "44829", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44829" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=81949", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=81949" + }, + { + "name": "http://googlechromereleases.blogspot.com/2011/06/chrome-stable-release.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2011/06/chrome-stable-release.html" + }, + { + "name": "72788", + "refsource": "OSVDB", + "url": "http://osvdb.org/72788" + }, + { + "name": "oval:org.mitre.oval:def:14757", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14757" + }, + { + "name": "48129", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/48129" + } + ] + } +} \ No newline at end of file 
diff --git a/2011/1xxx/CVE-2011-1939.json b/2011/1xxx/CVE-2011-1939.json index 5b69f801e00..eae1ea54cb6 100644 --- a/2011/1xxx/CVE-2011-1939.json +++ b/2011/1xxx/CVE-2011-1939.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1939", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1939", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4223.json b/2011/4xxx/CVE-2011-4223.json index 22465df771b..bc8ce844a87 100644 --- a/2011/4xxx/CVE-2011-4223.json +++ b/2011/4xxx/CVE-2011-4223.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4223", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Investintech.com Absolute PDF Server allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4223", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#275036", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/275036" - }, - { - "name" : "absolute-pdf-code-execution(71094)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71094" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Investintech.com Absolute PDF Server allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "absolute-pdf-code-execution(71094)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71094" + }, + { + "name": "VU#275036", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/275036" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4586.json b/2011/4xxx/CVE-2011-4586.json index 49c66ff04a3..18153cc04d7 100644 --- a/2011/4xxx/CVE-2011-4586.json +++ b/2011/4xxx/CVE-2011-4586.json 
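Review bot: The `reference_data` entries are reordered with no change to their content (here `XF` now precedes `CERT-VN`), and no sort key is apparent from the new order. Each sync can then rewrite the whole array and bury real edits such as an `ASSIGNER` update. Keeping the previous order, or emitting the array in a stable order such as by `refsource` then `name`, would keep record changes reviewable. The new side also ends with `\ No newline at end of file`, so a trailing newline after the closing `}` would avoid a spurious last-line change on later edits. The same reordering appears in the CVE-2011-1244, CVE-2011-1324, CVE-2011-1366, CVE-2011-1818, CVE-2011-4586, CVE-2011-5050, CVE-2011-5130 and CVE-2014-2260 hunks.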
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4586", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CRLF injection vulnerability in calendar/set.php in the Calendar subsystem in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-4586", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.moodle.org/gw?p=moodle.git;a=commit;h=581e8dba387f090d89382115fd850d8b44351526", - "refsource" : "CONFIRM", - "url" : "http://git.moodle.org/gw?p=moodle.git;a=commit;h=581e8dba387f090d89382115fd850d8b44351526" - }, - { - "name" : "http://moodle.org/mod/forum/discuss.php?d=191754", - "refsource" : "CONFIRM", - "url" : "http://moodle.org/mod/forum/discuss.php?d=191754" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=761248", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=761248" - }, - { - "name" : "DSA-2421", - "refsource" : "DEBIAN", - "url" : 
"http://www.debian.org/security/2012/dsa-2421" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CRLF injection vulnerability in calendar/set.php in the Calendar subsystem in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=761248", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=761248" + }, + { + "name": "http://git.moodle.org/gw?p=moodle.git;a=commit;h=581e8dba387f090d89382115fd850d8b44351526", + "refsource": "CONFIRM", + "url": "http://git.moodle.org/gw?p=moodle.git;a=commit;h=581e8dba387f090d89382115fd850d8b44351526" + }, + { + "name": "DSA-2421", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2421" + }, + { + "name": "http://moodle.org/mod/forum/discuss.php?d=191754", + "refsource": "CONFIRM", + "url": "http://moodle.org/mod/forum/discuss.php?d=191754" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5050.json b/2011/5xxx/CVE-2011-5050.json index 28989b3b2e3..30d05ad589e 100644 --- a/2011/5xxx/CVE-2011-5050.json +++ b/2011/5xxx/CVE-2011-5050.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5050", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in corporate/Controller in Elitecore Technologies Cyberoam UTM before 10.01.2 build 059 allows remote authenticated administrators to execute arbitrary SQL commands via the tableid parameter. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5050", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.vulnerability-lab.com/get_content.php?id=60", - "refsource" : "MISC", - "url" : "http://www.vulnerability-lab.com/get_content.php?id=60" - }, - { - "name" : "77986", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/77986" - }, - { - "name" : "47304", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47304" - }, - { - "name" : "cyberoamutm-controller-sql-injection(71920)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71920" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in corporate/Controller in Elitecore Technologies Cyberoam UTM before 10.01.2 build 059 allows remote authenticated administrators to execute arbitrary SQL commands via the tableid parameter. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "47304", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47304" + }, + { + "name": "77986", + "refsource": "OSVDB", + "url": "http://osvdb.org/77986" + }, + { + "name": "cyberoamutm-controller-sql-injection(71920)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71920" + }, + { + "name": "http://www.vulnerability-lab.com/get_content.php?id=60", + "refsource": "MISC", + "url": "http://www.vulnerability-lab.com/get_content.php?id=60" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5130.json b/2011/5xxx/CVE-2011-5130.json index 21a5bd67e25..687afa88b1a 100644 --- a/2011/5xxx/CVE-2011-5130.json +++ b/2011/5xxx/CVE-2011-5130.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5130", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "dev/less.php in Family Connections CMS (FCMS) 2.5.0 - 2.7.1, when register_globals is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in the argv[1] parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5130", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "18198", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18198" - }, - { - "name" : "18208", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18208" - }, - { - "name" : "http://sourceforge.net/apps/trac/fam-connections/ticket/407", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/apps/trac/fam-connections/ticket/407" - }, - { - "name" : "https://www.familycms.com/blog/2011/11/security-vulnerability-fcms-2-5-2-7-1/", - "refsource" : "CONFIRM", - "url" : "https://www.familycms.com/blog/2011/11/security-vulnerability-fcms-2-5-2-7-1/" - }, - { - "name" : "77492", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/77492" - }, - { - "name" : "47069", - 
"refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47069" - }, - { - "name" : "family-connections-less-command-exec(71618)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71618" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "dev/less.php in Family Connections CMS (FCMS) 2.5.0 - 2.7.1, when register_globals is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in the argv[1] parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "47069", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47069" + }, + { + "name": "http://sourceforge.net/apps/trac/fam-connections/ticket/407", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/apps/trac/fam-connections/ticket/407" + }, + { + "name": "family-connections-less-command-exec(71618)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71618" + }, + { + "name": "18198", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18198" + }, + { + "name": "18208", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18208" + }, + { + "name": "https://www.familycms.com/blog/2011/11/security-vulnerability-fcms-2-5-2-7-1/", + "refsource": "CONFIRM", + "url": "https://www.familycms.com/blog/2011/11/security-vulnerability-fcms-2-5-2-7-1/" + }, + { + "name": "77492", + "refsource": "OSVDB", + "url": "http://osvdb.org/77492" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2260.json b/2014/2xxx/CVE-2014-2260.json index 0a66fb4e07e..e5128046364 100644 --- a/2014/2xxx/CVE-2014-2260.json +++ b/2014/2xxx/CVE-2014-2260.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2260", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in plugins/main/content/js/ajenti.coffee in Eugene Pankov Ajenti 1.2.13 allows remote authenticated users to inject arbitrary web script or HTML via the command field in the Cron functionality." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2260", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/124804/Ajenti-1.2.13-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/124804/Ajenti-1.2.13-Cross-Site-Scripting.html" - }, - { - "name" : "https://github.com/Eugeny/ajenti/commit/3270fd1d78391bb847b4c9ce37cf921f485b1310", - "refsource" : "MISC", - "url" : "https://github.com/Eugeny/ajenti/commit/3270fd1d78391bb847b4c9ce37cf921f485b1310" - }, - { - "name" : "https://github.com/Eugeny/ajenti/issues/233", - "refsource" : "CONFIRM", - "url" : "https://github.com/Eugeny/ajenti/issues/233" - }, - { - "name" : "64982", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64982" - }, - { - 
"name" : "102174", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/102174" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in plugins/main/content/js/ajenti.coffee in Eugene Pankov Ajenti 1.2.13 allows remote authenticated users to inject arbitrary web script or HTML via the command field in the Cron functionality." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "64982", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64982" + }, + { + "name": "102174", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/102174" + }, + { + "name": "http://packetstormsecurity.com/files/124804/Ajenti-1.2.13-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/124804/Ajenti-1.2.13-Cross-Site-Scripting.html" + }, + { + "name": "https://github.com/Eugeny/ajenti/issues/233", + "refsource": "CONFIRM", + "url": "https://github.com/Eugeny/ajenti/issues/233" + }, + { + "name": "https://github.com/Eugeny/ajenti/commit/3270fd1d78391bb847b4c9ce37cf921f485b1310", + "refsource": "MISC", + "url": "https://github.com/Eugeny/ajenti/commit/3270fd1d78391bb847b4c9ce37cf921f485b1310" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2584.json b/2014/2xxx/CVE-2014-2584.json index 1f6aade808b..a6e131e8d41 100644 --- a/2014/2xxx/CVE-2014-2584.json +++ b/2014/2xxx/CVE-2014-2584.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2584", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2584", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2590.json b/2014/2xxx/CVE-2014-2590.json index 8899a1381f7..8767d38b516 100644 --- a/2014/2xxx/CVE-2014-2590.json +++ b/2014/2xxx/CVE-2014-2590.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2590", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The web management interface in Siemens RuggedCom ROS before 3.11, ROS 3.11 before 3.11.5 for RS950G, ROS 3.12, and ROS 4.0 for RSG2488 allows remote attackers to cause a denial of service (interface outage) via crafted HTTP packets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2590", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-087-01", - "refsource" : "MISC", - "url" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-087-01" - }, - { - "name" : "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-831997.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-831997.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The web management interface in Siemens RuggedCom ROS before 3.11, ROS 3.11 before 3.11.5 for RS950G, ROS 3.12, 
and ROS 4.0 for RSG2488 allows remote attackers to cause a denial of service (interface outage) via crafted HTTP packets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-087-01", + "refsource": "MISC", + "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-087-01" + }, + { + "name": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-831997.pdf", + "refsource": "CONFIRM", + "url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-831997.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2668.json b/2014/2xxx/CVE-2014-2668.json index 1ef1317d2ec..6ebcfba7e63 100644 --- a/2014/2xxx/CVE-2014-2668.json +++ b/2014/2xxx/CVE-2014-2668.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2668", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apache CouchDB 1.5.0 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via the count parameter to /_uuids." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2668", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "32519", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/32519" - }, - { - "name" : "http://packetstormsecurity.com/files/125889", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/125889" - }, - { - "name" : "openSUSE-SU-2014:0526", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-04/msg00039.html" - }, - { - "name" : "66474", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/66474" - }, - { - "name" : "1029967", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029967" - }, - { - "name" : "57572", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57572" - }, - { - "name" : "apache-couchdb-cve20142668-dos(92161)", - 
"refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/92161" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apache CouchDB 1.5.0 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via the count parameter to /_uuids." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "apache-couchdb-cve20142668-dos(92161)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92161" + }, + { + "name": "66474", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/66474" + }, + { + "name": "57572", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57572" + }, + { + "name": "openSUSE-SU-2014:0526", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-04/msg00039.html" + }, + { + "name": "32519", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/32519" + }, + { + "name": "1029967", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029967" + }, + { + "name": "http://packetstormsecurity.com/files/125889", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/125889" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3113.json b/2014/3xxx/CVE-2014-3113.json index c0a66ed3106..b5921031b1d 100644 --- a/2014/3xxx/CVE-2014-3113.json +++ b/2014/3xxx/CVE-2014-3113.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3113", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in RealNetworks RealPlayer before 17.0.10.8 allow remote attackers to execute arbitrary code via a malformed (1) elst or (2) stsz atom in an MP4 file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3113", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.fortiguard.com/advisory/RealNetworks-RealPlayer-Memory-Corruption/", - "refsource" : "MISC", - "url" : "http://www.fortiguard.com/advisory/RealNetworks-RealPlayer-Memory-Corruption/" - }, - { - "name" : "http://service.real.com/realplayer/security/06272014_player/en/", - "refsource" : "CONFIRM", - "url" : "http://service.real.com/realplayer/security/06272014_player/en/" - }, - { - "name" : "1030524", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030524" - }, - { - "name" : "59238", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59238" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "Multiple buffer overflows in RealNetworks RealPlayer before 17.0.10.8 allow remote attackers to execute arbitrary code via a malformed (1) elst or (2) stsz atom in an MP4 file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.fortiguard.com/advisory/RealNetworks-RealPlayer-Memory-Corruption/", + "refsource": "MISC", + "url": "http://www.fortiguard.com/advisory/RealNetworks-RealPlayer-Memory-Corruption/" + }, + { + "name": "1030524", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030524" + }, + { + "name": "http://service.real.com/realplayer/security/06272014_player/en/", + "refsource": "CONFIRM", + "url": "http://service.real.com/realplayer/security/06272014_player/en/" + }, + { + "name": "59238", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59238" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3412.json b/2014/3xxx/CVE-2014-3412.json index 9442388c22c..bcebe404352 100644 --- a/2014/3xxx/CVE-2014-3412.json +++ b/2014/3xxx/CVE-2014-3412.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3412", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Juniper Junos Space before 13.3R1.8, when the firewall in disabled, allows remote attackers to execute arbitrary commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3412", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10626", - "refsource" : "CONFIRM", - "url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10626" - }, - { - "name" : "67454", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67454" - }, - { - "name" : "1030254", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030254" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Juniper Junos Space before 13.3R1.8, when the firewall in disabled, allows remote attackers to execute arbitrary commands via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "67454", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67454" + }, + { + "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10626", + "refsource": "CONFIRM", + "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10626" + }, + { + "name": "1030254", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030254" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3438.json b/2014/3xxx/CVE-2014-3438.json index 57b6b7b63fd..1e3bbdb608a 100644 --- a/2014/3xxx/CVE-2014-3438.json +++ b/2014/3xxx/CVE-2014-3438.json 
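Review bot: The `description_data` string on the new side of the CVE-2014-3412 hunk still reads `when the firewall in disabled`, carried over unchanged from the old side; it should read `when the firewall is disabled`. This hunk already rewrites the `value` line for key spacing, so the typo could be corrected in the same pass. If the text has to match the published CVE description verbatim, the correction presumably belongs in the upstream record first.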
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3438", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in console interface scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@symantec.com", + "ID": "CVE-2014-3438", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141106 SEC Consult SA-20141106-0 :: XXE & XSS & Arbitrary File Write vulnerabilities in Symantec Endpoint Protection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/533918/100/0/threaded" - }, - { - "name" : "20141106 SEC Consult SA-20141106-0 :: XXE & XSS & Arbitrary File Write vulnerabilities in Symantec Endpoint Protection", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Nov/7" - }, - { - "name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20141105_00", - "refsource" : "CONFIRM", - "url" : 
"http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20141105_00" - }, - { - "name" : "70844", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70844" - }, - { - "name" : "1031176", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031176" - }, - { - "name" : "symantec-endpoint-cve20143438-xss(98526)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/98526" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in console interface scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "symantec-endpoint-cve20143438-xss(98526)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98526" + }, + { + "name": "20141106 SEC Consult SA-20141106-0 :: XXE & XSS & Arbitrary File Write vulnerabilities in Symantec Endpoint Protection", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Nov/7" + }, + { + "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20141105_00", + "refsource": "CONFIRM", + "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20141105_00" + }, + { + "name": "70844", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70844" + }, + { + "name": "20141106 SEC Consult SA-20141106-0 :: XXE & XSS & Arbitrary File Write 
vulnerabilities in Symantec Endpoint Protection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/533918/100/0/threaded" + }, + { + "name": "1031176", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031176" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6361.json b/2014/6xxx/CVE-2014-6361.json index 27e54f299cd..7f10cff7bc2 100644 --- a/2014/6xxx/CVE-2014-6361.json +++ b/2014/6xxx/CVE-2014-6361.json 
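Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `cve@mitre.org` to `secure@symantec.com` in the CVE-2014-3438 hunk, which otherwise only re-spaces keys and reorders `reference_data`, so the one semantic change is easy to miss. The same pattern appears in the hunks for CVE-2014-6361 and CVE-2014-6368 (`secure@microsoft.com`) and for CVE-2014-6888, CVE-2014-6946 and CVE-2014-7113 (`cert@cert.org`). Consumers that attribute or route records by assigner would presumably want the reassignment in its own commit, separate from the formatting pass, with a subject line that names it. The new side also ends with `\ No newline at end of file` where the old side ended with `}` and a newline; keeping the trailing newline is friendlier to line-based tooling.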
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6361", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 Gold and SP1, Excel 2013 RT Gold and SP1, and Office Compatibility Pack allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Excel Invalid Pointer Remote Code Execution Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-6361", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS14-083", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-083" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 Gold and SP1, Excel 2013 RT Gold and SP1, and Office Compatibility Pack allow remote attackers to execute arbitrary code via a crafted Office document, aka \"Excel Invalid Pointer Remote Code Execution Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": 
[ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS14-083", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-083" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6368.json b/2014/6xxx/CVE-2014-6368.json index 0e3e5db9431..de10f7b3b66 100644 --- a/2014/6xxx/CVE-2014-6368.json +++ b/2014/6xxx/CVE-2014-6368.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6368", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka \"Internet Explorer ASLR Bypass Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-6368", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS14-080", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-080" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka \"Internet Explorer ASLR Bypass Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS14-080", + "refsource": "MS", + "url": 
"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-080" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6437.json b/2014/6xxx/CVE-2014-6437.json index fd85118e2ae..c3afec6b120 100644 --- a/2014/6xxx/CVE-2014-6437.json +++ b/2014/6xxx/CVE-2014-6437.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6437", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices allow remote attackers to obtain sensitive device configuration information via vectors involving the ROM file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-6437", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140919 Re: Multiple Vulnerabilities with Aztech Modem Routers", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/533489/100/0/threaded" - }, - { - "name" : "http://packetstormsecurity.com/files/128254/Aztech-DSL5018EN-DSL705E-DSL705EU-DoS-Broken-Session-Management.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/128254/Aztech-DSL5018EN-DSL705E-DSL705EU-DoS-Broken-Session-Management.html" - }, - { - "name" : "69808", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69808" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Aztech ADSL DSL5018EN (1T1R), 
DSL705E, and DSL705EU devices allow remote attackers to obtain sensitive device configuration information via vectors involving the ROM file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "69808", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69808" + }, + { + "name": "http://packetstormsecurity.com/files/128254/Aztech-DSL5018EN-DSL705E-DSL705EU-DoS-Broken-Session-Management.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/128254/Aztech-DSL5018EN-DSL705E-DSL705EU-DoS-Broken-Session-Management.html" + }, + { + "name": "20140919 Re: Multiple Vulnerabilities with Aztech Modem Routers", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/533489/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6888.json b/2014/6xxx/CVE-2014-6888.json index 0d0469d68a9..fae13a8f2ab 100644 --- a/2014/6xxx/CVE-2014-6888.json +++ b/2014/6xxx/CVE-2014-6888.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6888", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The PennyTalk Mobile (aka net.idt.pennytalk.android) application 2.0.3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6888", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#277577", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/277577" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The PennyTalk Mobile (aka 
net.idt.pennytalk.android) application 2.0.3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#277577", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/277577" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6946.json b/2014/6xxx/CVE-2014-6946.json index 67635891a4b..d8900e58c54 100644 --- a/2014/6xxx/CVE-2014-6946.json +++ b/2014/6xxx/CVE-2014-6946.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6946", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Re:kyu (aka com.appzone619) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6946", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#283561", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/283561" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Re:kyu (aka com.appzone619) application 1.0 for Android does 
not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#283561", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/283561" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7113.json b/2014/7xxx/CVE-2014-7113.json index 35db716eaee..14c2920995b 100644 --- a/2014/7xxx/CVE-2014-7113.json +++ b/2014/7xxx/CVE-2014-7113.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7113", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The NASA Universe Wallpapers Xeus (aka com.xeusNASA) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7113", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#690913", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/690913" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The NASA Universe Wallpapers Xeus (aka 
com.xeusNASA) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#690913", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/690913" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7333.json b/2014/7xxx/CVE-2014-7333.json index 2e6db6983bb..f026e4f10ee 100644 --- a/2014/7xxx/CVE-2014-7333.json +++ b/2014/7xxx/CVE-2014-7333.json 
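Review bot: The only data change on the new side, `"ASSIGNER": "cert@cert.org"` replacing `cve@mitre.org`, is buried in a hunk that rewrites nearly every line for colon spacing and also reorders `reference_data`, which makes a provenance change hard to audit. The hunks for CVE-2014-6946, CVE-2014-7333 and CVE-2014-7705 do the same, and the CVE-2017-0785 hunk changes `security@google.com` to `security@android.com` in the same way. I would land the serializer change as its own commit and keep assigner edits in a separate one whose message names the old and new value. The new file also ends with `\ No newline at end of file`; the serializer should write the trailing newline back.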
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7333", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Aloha Guide (aka com.aloha.guide.japnese) application 1.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7333", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#618049", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/618049" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Aloha Guide (aka com.aloha.guide.japnese) 
application 1.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#618049", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/618049" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7705.json b/2014/7xxx/CVE-2014-7705.json index ec78bd83935..f77d01e08bf 100644 --- a/2014/7xxx/CVE-2014-7705.json +++ b/2014/7xxx/CVE-2014-7705.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7705", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Atkins Diet Free Shopping List (aka com.wAtkinsDietFreeShoppingList) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7705", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#553985", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/553985" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Atkins Diet Free 
Shopping List (aka com.wAtkinsDietFreeShoppingList) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#553985", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/553985" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7844.json b/2014/7xxx/CVE-2014-7844.json index 40a3305c1c6..2605bc81c9f 100644 --- a/2014/7xxx/CVE-2014-7844.json +++ b/2014/7xxx/CVE-2014-7844.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7844", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-7844", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2918.json b/2016/2xxx/CVE-2016-2918.json index b5641be60ba..976000c3803 100644 --- a/2016/2xxx/CVE-2016-2918.json +++ b/2016/2xxx/CVE-2016-2918.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2918", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2918", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0350.json b/2017/0xxx/CVE-2017-0350.json index f5cef939d32..770be069081 100644 --- a/2017/0xxx/CVE-2017-0350.json +++ b/2017/0xxx/CVE-2017-0350.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@nvidia.com", - "ID" : "CVE-2017-0350", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "GPU Display Driver", - "version" : { - "version_data" : [ - { - "version_value" : "All versions" - } - ] - } - } - ] - }, - "vendor_name" : "Nvidia Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "All versions of the NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where a value passed from a user to the driver is not correctly validated and used in an offset calculation may lead to denial of service or potential escalation of privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@nvidia.com", + "ID": "CVE-2017-0350", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "GPU Display Driver", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + }, + "vendor_name": "Nvidia Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4462", - "refsource" : "CONFIRM", - "url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4462" - }, - { - "name" : "98490", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98490" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "All versions of the NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where a value 
passed from a user to the driver is not correctly validated and used in an offset calculation may lead to denial of service or potential escalation of privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4462", + "refsource": "CONFIRM", + "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4462" + }, + { + "name": "98490", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98490" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0351.json b/2017/0xxx/CVE-2017-0351.json index 50a50955a06..088a2bedc46 100644 --- a/2017/0xxx/CVE-2017-0351.json +++ b/2017/0xxx/CVE-2017-0351.json 
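Review bot: The `problemtype` value on the new side is only `"Denial of Service"`, while the description in the same record says the flaw "may lead to denial of service or potential escalation of privileges". The sibling record CVE-2017-0351 from the same assigner carries both impacts, so filtering on `problemtype` would under-rank this entry. Assuming the description is authoritative, I would align the field: `"value": "Denial of Service, Escalation of Privileges"`.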
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@nvidia.com", - "ID" : "CVE-2017-0351", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "GPU Display Driver", - "version" : { - "version_data" : [ - { - "version_value" : "All versions" - } - ] - } - } - ] - }, - "vendor_name" : "Nvidia Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "All versions of the NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where a NULL pointer dereference caused by invalid user input may lead to denial of service or potential escalation of privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service, Escalation of Privileges" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@nvidia.com", + "ID": "CVE-2017-0351", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "GPU Display Driver", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + }, + "vendor_name": "Nvidia Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4462", - "refsource" : "CONFIRM", - "url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4462" - }, - { - "name" : "98497", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "All versions of the NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where a NULL pointer dereference 
caused by invalid user input may lead to denial of service or potential escalation of privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service, Escalation of Privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4462", + "refsource": "CONFIRM", + "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4462" + }, + { + "name": "98497", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98497" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0785.json b/2017/0xxx/CVE-2017-0785.json index fd7d3c32d5e..037e8bacc80 100644 --- a/2017/0xxx/CVE-2017-0785.json +++ b/2017/0xxx/CVE-2017-0785.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2017-09-12T00:00:00", - "ID" : "CVE-2017-0785", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "4.4.4" - }, - { - "version_value" : "5.0.2" - }, - { - "version_value" : "5.1.1" - }, - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "7.0" - }, - { - "version_value" : "7.1.1" - }, - { - "version_value" : "7.1.2" - }, - { - "version_value" : "8.0" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146698." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2017-09-12T00:00:00", + "ID": "CVE-2017-0785", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "4.4.4" + }, + { + "version_value": "5.0.2" + }, + { + "version_value": "5.1.1" + }, + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "7.0" + }, + { + "version_value": "7.1.1" + }, + { + "version_value": "7.1.2" + }, + { + "version_value": "8.0" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-09-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-09-01" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" - }, - { - "name" : "100812", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100812" - }, - { - "name" : "1041300", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041300" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146698." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" + }, + { + "name": "https://source.android.com/security/bulletin/2017-09-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-09-01" + }, + { + "name": "1041300", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041300" + }, + { + "name": "100812", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100812" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0927.json b/2017/0xxx/CVE-2017-0927.json index 95b49564860..2d95c52fe9b 100644 --- a/2017/0xxx/CVE-2017-0927.json +++ b/2017/0xxx/CVE-2017-0927.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "ID" : "CVE-2017-0927", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "GitLab Community and Enterprise Editions", - "version" : { - "version_data" : [ - { - "version_value" : "8.10.6 - 10.1.5 Fixed in 10.1.6" - }, - { - "version_value" : "10.2.0 - 10.2.5 Fixed in 10.2.6" - }, - { - "version_value" : "10.3.0 - 10.3.3 Fixed in 10.3.4" - } - ] - } - } - ] - }, - "vendor_name" : "GitLab" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Gitlab Community Edition version 10.3 is vulnerable to an improper authorization issue in the deployment keys component resulting in unauthorized use of deployment keys by guest users." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Authorization (CWE-285)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "ID": "CVE-2017-0927", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "GitLab Community and Enterprise Editions", + "version": { + "version_data": [ + { + "version_value": "8.10.6 - 10.1.5 Fixed in 10.1.6" + }, + { + "version_value": "10.2.0 - 10.2.5 Fixed in 10.2.6" + }, + { + "version_value": "10.3.0 - 10.3.3 Fixed in 10.3.4" + } + ] + } + } + ] + }, + "vendor_name": "GitLab" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/", - "refsource" : "CONFIRM", - "url" : "https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/" - }, - { - "name" : "https://gitlab.com/gitlab-org/gitlab-ce/issues/37594", - "refsource" : "CONFIRM", - "url" : 
"https://gitlab.com/gitlab-org/gitlab-ce/issues/37594" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Gitlab Community Edition version 10.3 is vulnerable to an improper authorization issue in the deployment keys component resulting in unauthorized use of deployment keys by guest users." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Authorization (CWE-285)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitlab.com/gitlab-org/gitlab-ce/issues/37594", + "refsource": "CONFIRM", + "url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/37594" + }, + { + "name": "https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/", + "refsource": "CONFIRM", + "url": "https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18166.json b/2017/18xxx/CVE-2017-18166.json index 396c4cce26a..359b4fde6ce 100644 --- a/2017/18xxx/CVE-2017-18166.json +++ b/2017/18xxx/CVE-2017-18166.json 
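Review bot: The description on the new side names only "Gitlab Community Edition version 10.3", but `affects` lists the product as "GitLab Community and Enterprise Editions" with three ranges starting at 8.10.6. A reader who relies on the description alone would conclude that 8.x–10.2 and Enterprise Edition are unaffected. If the `affects` block is the authoritative one, the description should say so, e.g. `"value": "GitLab Community and Enterprise Editions 8.10.6 through 10.1.5, 10.2.0 through 10.2.5, and 10.3.0 through 10.3.3 are vulnerable to an improper authorization issue in the deployment keys component ..."`. Each `version_value` also packs a range and a fix version into one free-text string (`"8.10.6 - 10.1.5 Fixed in 10.1.6"`), which automated version matching cannot parse reliably; separate entries for the range bounds would be easier to consume.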
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-18166", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-18166", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1189.json b/2017/1xxx/CVE-2017-1189.json index 36afdd0ff60..12474ed2a5d 100644 --- a/2017/1xxx/CVE-2017-1189.json +++ b/2017/1xxx/CVE-2017-1189.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2017-1189", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM WebSphere Portal and Web Content Manager 6.1, 7.0, and 8.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123558." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2017-1189", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/123558", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/123558" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22008028", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22008028" - }, - { - "name" : "100699", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100699" - }, - { - "name" : "1039268", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039268" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM WebSphere Portal and Web Content Manager 6.1, 7.0, and 8.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123558." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039268", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039268" + }, + { + "name": "100699", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100699" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22008028", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22008028" + }, + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123558", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123558" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1396.json b/2017/1xxx/CVE-2017-1396.json index 7f0085231d8..896abaa55e0 100644 --- a/2017/1xxx/CVE-2017-1396.json +++ b/2017/1xxx/CVE-2017-1396.json 
@@ -1,106 +1,106 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-08-01T00:00:00", - "ID" : "CVE-2017-1396", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Security Identity Governance and Intelligence", - "version" : { - "version_data" : [ - { - "version_value" : "5.2" - }, - { - "version_value" : "5.2.1" - }, - { - "version_value" : "5.2.2" - }, - { - "version_value" : "5.2.2.1" - }, - { - "version_value" : "5.2.3" - }, - { - "version_value" : "5.2.3.1" - }, - { - "version_value" : "5.2.3.2" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 127342." 
- } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "N", - "AC" : "H", - "AV" : "N", - "C" : "L", - "I" : "L", - "PR" : "L", - "S" : "U", - "SCORE" : "4.200", - "UI" : "N" - }, - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Access" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-08-01T00:00:00", + "ID": "CVE-2017-1396", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Security Identity Governance and Intelligence", + "version": { + "version_data": [ + { + "version_value": "5.2" + }, + { + "version_value": "5.2.1" + }, + { + "version_value": "5.2.2" + }, + { + "version_value": "5.2.2.1" + }, + { + "version_value": "5.2.3" + }, + { + "version_value": "5.2.3.1" + }, + { + "version_value": "5.2.3.2" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22016869", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22016869" - }, - { - "name" : "ibm-sig-cve20171396-priv-escalation(127342)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/127342" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 127342." 
+ } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "N", + "AC": "H", + "AV": "N", + "C": "L", + "I": "L", + "PR": "L", + "S": "U", + "SCORE": "4.200", + "UI": "N" + }, + "TM": { + "E": "U", + "RC": "C", + "RL": "O" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Gain Access" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22016869", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22016869" + }, + { + "name": "ibm-sig-cve20171396-priv-escalation(127342)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/127342" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1435.json b/2017/1xxx/CVE-2017-1435.json index af52e92c7e7..047c7320aa5 100644 --- a/2017/1xxx/CVE-2017-1435.json +++ b/2017/1xxx/CVE-2017-1435.json 
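Review bot: `"value": "Gain Access"` in `problemtype` names an outcome rather than a weakness, so this record cannot be grouped by weakness class. The description text ("specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors") appears to be the wording of CWE-732, and another record in this commit (CVE-2017-0927) already uses the `Name (CWE-nnn)` form. If the CNA agrees with that mapping, I would write `"value": "Incorrect Permission Assignment for Critical Resource (CWE-732)"`. Separately, `"SCORE": "4.200"` is a string with a spurious third decimal; a consumer comparing scores numerically has to special-case it.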
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1435", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1435", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1712.json b/2017/1xxx/CVE-2017-1712.json index 2f9cd5acfd8..258376e2640 100644 --- a/2017/1xxx/CVE-2017-1712.json +++ b/2017/1xxx/CVE-2017-1712.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1712", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1712", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5156.json b/2017/5xxx/CVE-2017-5156.json index 2d36bb5891e..b89c924f142 100644 --- a/2017/5xxx/CVE-2017-5156.json +++ b/2017/5xxx/CVE-2017-5156.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "ID" : "CVE-2017-5156", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Schneider Electric Wonderware InTouch Access Anywhere", - "version" : { - "version_data" : [ - { - "version_value" : "Schneider Electric Wonderware InTouch Access Anywhere" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Cross-Site Request Forgery issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The client request may be forged from a different site. This will allow an external site to access internal RDP systems on behalf of the currently logged in user." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Request Forgery" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2017-5156", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Schneider Electric Wonderware InTouch Access Anywhere", + "version": { + "version_data": [ + { + "version_value": "Schneider Electric Wonderware InTouch Access Anywhere" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000114/", - "refsource" : "MISC", - "url" : "http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000114/" - }, - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-089-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-089-01" - }, - { - "name" : "97256", - 
"refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97256" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Cross-Site Request Forgery issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. The client request may be forged from a different site. This will allow an external site to access internal RDP systems on behalf of the currently logged in user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Request Forgery" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000114/", + "refsource": "MISC", + "url": "http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000114/" + }, + { + "name": "97256", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97256" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-089-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-089-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5200.json b/2017/5xxx/CVE-2017-5200.json index 57725de36f8..4c53a086a27 100644 --- a/2017/5xxx/CVE-2017-5200.json +++ b/2017/5xxx/CVE-2017-5200.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5200", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2 allows arbitrary command execution on a salt-master via Salt's ssh_client." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5200", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.saltstack.com/en/2016.3/topics/releases/2015.8.13.html", - "refsource" : "CONFIRM", - "url" : "https://docs.saltstack.com/en/2016.3/topics/releases/2015.8.13.html" - }, - { - "name" : "https://docs.saltstack.com/en/2016.3/topics/releases/2016.3.5.html", - "refsource" : "CONFIRM", - "url" : "https://docs.saltstack.com/en/2016.3/topics/releases/2016.3.5.html" - }, - { - "name" : "https://docs.saltstack.com/en/latest/topics/releases/2016.11.2.html", - "refsource" : "CONFIRM", - "url" : "https://docs.saltstack.com/en/latest/topics/releases/2016.11.2.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2 allows arbitrary command execution on a salt-master via Salt's ssh_client." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://docs.saltstack.com/en/2016.3/topics/releases/2015.8.13.html", + "refsource": "CONFIRM", + "url": "https://docs.saltstack.com/en/2016.3/topics/releases/2015.8.13.html" + }, + { + "name": "https://docs.saltstack.com/en/2016.3/topics/releases/2016.3.5.html", + "refsource": "CONFIRM", + "url": "https://docs.saltstack.com/en/2016.3/topics/releases/2016.3.5.html" + }, + { + "name": "https://docs.saltstack.com/en/latest/topics/releases/2016.11.2.html", + "refsource": "CONFIRM", + "url": "https://docs.saltstack.com/en/latest/topics/releases/2016.11.2.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5464.json b/2017/5xxx/CVE-2017-5464.json index fa70334f062..5d2d70b9206 100644 --- a/2017/5xxx/CVE-2017-5464.json +++ b/2017/5xxx/CVE-2017-5464.json 
@@ -1,139 +1,139 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2017-5464", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Thunderbird", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "52.1" - } - ] - } - }, - { - "product_name" : "Firefox ESR", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "45.9" - }, - { - "version_affected" : "<", - "version_value" : "52.1" - } - ] - } - }, - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "53" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "During DOM manipulations of the accessibility tree through script, the DOM tree can become out of sync with the accessibility tree, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Memory corruption with accessibility and DOM manipulation" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2017-5464", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "52.1" + } + ] + } + }, + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "45.9" + }, + { + "version_affected": "<", + "version_value": "52.1" + } + ] + } + }, + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "53" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1347075", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1347075" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-10/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-10/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-11/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-11/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-12/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-12/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-13/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-13/" - }, - { - "name" : "DSA-3831", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-3831" - }, - { - "name" : "RHSA-2017:1104", - 
"refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1104" - }, - { - "name" : "RHSA-2017:1106", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1106" - }, - { - "name" : "RHSA-2017:1201", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1201" - }, - { - "name" : "97940", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97940" - }, - { - "name" : "1038320", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038320" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "During DOM manipulations of the accessibility tree through script, the DOM tree can become out of sync with the accessibility tree, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory corruption with accessibility and DOM manipulation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1347075", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1347075" + }, + { + "name": "RHSA-2017:1106", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1106" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-12/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-12/" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-11/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-11/" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-10/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-10/" + }, + { + "name": "97940", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97940" + }, + { + "name": "DSA-3831", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-3831" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-13/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-13/" + }, + { + "name": "1038320", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038320" + }, + { + "name": "RHSA-2017:1104", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1104" + }, + { + "name": "RHSA-2017:1201", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1201" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5680.json b/2017/5xxx/CVE-2017-5680.json index 33a1c008597..40b589401f5 100644 --- a/2017/5xxx/CVE-2017-5680.json +++ b/2017/5xxx/CVE-2017-5680.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5680", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5680", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5948.json b/2017/5xxx/CVE-2017-5948.json index 495ca74f47b..477327311e8 100644 --- a/2017/5xxx/CVE-2017-5948.json +++ b/2017/5xxx/CVE-2017-5948.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5948", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered on OnePlus One, X, 2, 3, and 3T devices. OxygenOS and HydrogenOS are vulnerable to downgrade attacks. This is due to a lenient 'updater-script' in OTAs that does not check that the current version is lower than or equal to the given image's. Downgrades can occur even on locked bootloaders and without triggering a factory reset, allowing for exploitation of now-patched vulnerabilities with access to user data. This vulnerability can be exploited by a Man-in-the-Middle (MiTM) attacker targeting the update process. This is possible because the update transaction does not occur over TLS (CVE-2016-10370). In addition, a physical attacker can reboot the phone into recovery, and then use 'adb sideload' to push the OTA (on OnePlus 3/3T 'Secure Start-up' must be off)." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5948", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://alephsecurity.com/vulns/aleph-2017008", - "refsource" : "MISC", - "url" : "https://alephsecurity.com/vulns/aleph-2017008" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered on OnePlus One, X, 2, 3, and 3T devices. OxygenOS and HydrogenOS are vulnerable to downgrade attacks. This is due to a lenient 'updater-script' in OTAs that does not check that the current version is lower than or equal to the given image's. Downgrades can occur even on locked bootloaders and without triggering a factory reset, allowing for exploitation of now-patched vulnerabilities with access to user data. This vulnerability can be exploited by a Man-in-the-Middle (MiTM) attacker targeting the update process. This is possible because the update transaction does not occur over TLS (CVE-2016-10370). In addition, a physical attacker can reboot the phone into recovery, and then use 'adb sideload' to push the OTA (on OnePlus 3/3T 'Secure Start-up' must be off)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://alephsecurity.com/vulns/aleph-2017008", + "refsource": "MISC", + "url": "https://alephsecurity.com/vulns/aleph-2017008" + } + ] + } +} \ No newline at end of file