diff --git a/2006/3xxx/CVE-2006-3289.json b/2006/3xxx/CVE-2006-3289.json index 9a696ee1441..7151cfd883d 100644 --- a/2006/3xxx/CVE-2006-3289.json +++ b/2006/3xxx/CVE-2006-3289.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3289", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the login page of the HTTP interface for the Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a \"malicious URL\"." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3289", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060628 Multiple Vulnerabilities in Wireless Control System", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/cisco-sa-20060628-wcs.shtml" - }, - { - "name" : "18701", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18701" - }, - { - "name" : "ADV-2006-2583", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2583" - }, - { - "name" : "26880", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26880" - }, - { - "name" : "1016398", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016398" - }, - { - "name" : "20870", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20870" - }, - { - "name" : "cisco-wcs-http-xss(27441)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27441" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the login page of the HTTP interface for the Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a \"malicious URL\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-2583", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2583" + }, + { + "name": "20870", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20870" + }, + { + "name": "cisco-wcs-http-xss(27441)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27441" + }, + { + "name": "20060628 Multiple Vulnerabilities in Wireless Control System", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/cisco-sa-20060628-wcs.shtml" + }, + { + "name": "26880", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26880" + }, + { + "name": "1016398", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016398" + }, + { + "name": "18701", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18701" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3615.json b/2006/3xxx/CVE-2006-3615.json index 0c883373bf8..f3c82ca7f68 100644 --- a/2006/3xxx/CVE-2006-3615.json +++ b/2006/3xxx/CVE-2006-3615.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3615", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in Phorum 5.1.14, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via unspecified vectors related to an uninitialized variable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3615", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060713 PHORUM 5 arbitrary local inclusion", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2006-07/0191.html" - }, - { - "name" : "20060713 Phorum 5.1.15 security release (fixes \"PHORUM 5 arbitrary local inclusion\")", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2006-07/0200.html" - }, - { - "name" : "http://retrogod.altervista.org/phorum5_local_incl_xpl.html", - "refsource" : "MISC", - "url" : "http://retrogod.altervista.org/phorum5_local_incl_xpl.html" - }, - { - "name" : "http://www.phorum.org/phorum5/read.php?14,114358", - "refsource" : "CONFIRM", - "url" : "http://www.phorum.org/phorum5/read.php?14,114358" - }, - { - "name" : "ADV-2006-2794", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2794" - }, - { - "name" : "27164", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27164" - }, - { - "name" : "27167", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27167" - }, - { - "name" : "21043", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21043" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in Phorum 5.1.14, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via unspecified vectors related to an uninitialized variable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060713 Phorum 5.1.15 security release (fixes \"PHORUM 5 arbitrary local inclusion\")", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2006-07/0200.html" + }, + { + "name": "21043", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21043" + }, + { + "name": "27164", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27164" + }, + { + "name": "http://www.phorum.org/phorum5/read.php?14,114358", + "refsource": "CONFIRM", + "url": "http://www.phorum.org/phorum5/read.php?14,114358" + }, + { + "name": "ADV-2006-2794", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2794" + }, + { + "name": "27167", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27167" + }, + { + "name": "http://retrogod.altervista.org/phorum5_local_incl_xpl.html", + "refsource": "MISC", + "url": "http://retrogod.altervista.org/phorum5_local_incl_xpl.html" + }, + { + "name": "20060713 PHORUM 5 arbitrary local inclusion", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2006-07/0191.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3622.json b/2006/3xxx/CVE-2006-3622.json index 746fbcb18ba..ee0fc7d326e 100644 --- a/2006/3xxx/CVE-2006-3622.json +++ b/2006/3xxx/CVE-2006-3622.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3622", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The showtopic module in Koobi Pro CMS 5.6 allows remote attackers to obtain sensitive information via a ' (single quote) in the p parameter, which displays the path in an error message. NOTE: it is not clear whether this is SQL injection or a forced SQL error." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3622", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060815 Koobi Pro CMS 5.6 SQL injection & XSS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/443294/100/100/threaded" - }, - { - "name" : "1016485", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016485" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The showtopic module in Koobi Pro CMS 5.6 allows remote attackers to obtain sensitive information via a ' (single quote) in the p parameter, which displays the path in an error message. NOTE: it is not clear whether this is SQL injection or a forced SQL error." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060815 Koobi Pro CMS 5.6 SQL injection & XSS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/443294/100/100/threaded" + }, + { + "name": "1016485", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016485" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3744.json b/2006/3xxx/CVE-2006-3744.json index 95581b18edc..f7410347172 100644 --- a/2006/3xxx/CVE-2006-3744.json +++ b/2006/3xxx/CVE-2006-3744.json @@ -1,177 +1,177 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3744", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple integer overflows in ImageMagick before 6.2.9 allows user-assisted attackers to execute arbitrary code via crafted Sun Rasterfile (bitmap) images that trigger heap-based buffer overflows." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2006-3744", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.gentoo.org/show_bug.cgi?id=144854", - "refsource" : "MISC", - "url" : "http://bugs.gentoo.org/show_bug.cgi?id=144854" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-605", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-605" - }, - { - "name" : "DSA-1168", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1168" - }, - { - "name" : "GLSA-200609-14", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200609-14.xml" - }, - { - "name" : "MDKSA-2006:155", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:155" - }, - { - "name" : "RHSA-2006:0633", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0633.html" - }, - { - "name" : "20060901-01-P", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc" - }, - { - "name" : "SUSE-SA:2006:050", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_50_imagemagick.html" - }, - { - "name" : "USN-340-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-340-1" - }, - { - "name" : "19699", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19699" - }, - { - "name" : "oval:org.mitre.oval:def:11486", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11486" - }, - { - "name" : "ADV-2006-3375", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3375" - }, - { - "name" : "28204", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28204" - }, - { - "name" : "1016749", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016749" - }, - { - "name" : "21615", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21615" - }, - { - "name" : "21679", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21679" - }, - { - "name" : "21719", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21719" - }, - { - "name" : "21780", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21780" - }, - { - "name" : "21671", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21671" - }, - { - "name" : "21832", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21832" - }, - { - "name" : "21621", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21621" - }, - { - "name" : "22036", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22036" - }, - { - "name" : "22096", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22096" - }, - { - "name" : "imagemagick-rasterfile-bo(28574)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28574" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple integer overflows in ImageMagick before 6.2.9 allows user-assisted attackers to execute arbitrary code via crafted Sun Rasterfile (bitmap) images that trigger heap-based buffer overflows." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21679", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21679" + }, + { + "name": "http://bugs.gentoo.org/show_bug.cgi?id=144854", + "refsource": "MISC", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=144854" + }, + { + "name": "USN-340-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-340-1" + }, + { + "name": "21780", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21780" + }, + { + "name": "21671", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21671" + }, + { + "name": "21832", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21832" + }, + { + "name": "imagemagick-rasterfile-bo(28574)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28574" + }, + { + "name": "SUSE-SA:2006:050", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_50_imagemagick.html" + }, + { + "name": "21615", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21615" + }, + { + "name": "DSA-1168", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1168" + }, + { + "name": "https://issues.rpath.com/browse/RPL-605", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-605" + }, + { + "name": "oval:org.mitre.oval:def:11486", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11486" + }, + { + "name": "MDKSA-2006:155", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:155" + }, + { + "name": "GLSA-200609-14", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200609-14.xml" + }, + { + "name": "21719", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21719" + }, + { + "name": "22096", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22096" + }, + { + "name": "21621", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21621" + }, + { + "name": "20060901-01-P", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc" + }, + { + "name": "ADV-2006-3375", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3375" + }, + { + "name": "RHSA-2006:0633", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0633.html" + }, + { + "name": "1016749", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016749" + }, + { + "name": "22036", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22036" + }, + { + "name": "19699", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19699" + }, + { + "name": "28204", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28204" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3920.json b/2006/3xxx/CVE-2006-3920.json index f4ba3990308..d86abe0750d 100644 --- a/2006/3xxx/CVE-2006-3920.json +++ b/2006/3xxx/CVE-2006-3920.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3920", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The TCP implementation in Sun Solaris 8, 9, and 10 before 20060726 allows remote attackers to cause a denial of service (resource exhaustion) via a TCP packet with an incorrect sequence number, which triggers an ACK storm." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3920", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-204.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-204.htm" - }, - { - "name" : "102206", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102206-1" - }, - { - "name" : "ADV-2006-2997", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2997" - }, - { - "name" : "oval:org.mitre.oval:def:1374", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1374" - }, - { - "name" : "1016589", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016589" - }, - { - "name" : "21226", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21226" - }, - { - "name" : "22425", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22425" - }, - { - "name" : "solaris-tcp-packet-dos(28048)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28048" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The TCP implementation in Sun Solaris 8, 9, and 10 before 20060726 allows remote attackers to cause a denial of service (resource exhaustion) via a TCP packet with an incorrect sequence number, which triggers an ACK storm." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "22425", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22425" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-204.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-204.htm" + }, + { + "name": "oval:org.mitre.oval:def:1374", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1374" + }, + { + "name": "solaris-tcp-packet-dos(28048)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28048" + }, + { + "name": "102206", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102206-1" + }, + { + "name": "1016589", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016589" + }, + { + "name": "21226", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21226" + }, + { + "name": "ADV-2006-2997", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2997" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3975.json b/2006/3xxx/CVE-2006-3975.json index e9c3959f229..9af2c011b6c 100644 --- a/2006/3xxx/CVE-2006-3975.json +++ b/2006/3xxx/CVE-2006-3975.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3975", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in CA eTrust Antivirus WebScan allows remote attackers to execute arbitrary code due to \"improper bounds checking when processing certain user input.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3975", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060804 CAID 34509 - CA eTrust Antivirus WebScan vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/442244/100/0/threaded" - }, - { - "name" : "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34509", - "refsource" : "CONFIRM", - "url" : "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34509" - }, - { - "name" : "ADV-2006-3166", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3166" - }, - { - "name" : "1016637", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016637" - }, - { - "name" : "21320", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21320" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in CA eTrust Antivirus WebScan allows remote attackers to execute arbitrary code due to \"improper bounds checking when processing certain user input.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-3166", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3166" + }, + { + "name": "20060804 CAID 34509 - CA eTrust Antivirus WebScan vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/442244/100/0/threaded" + }, + { + "name": "1016637", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016637" + }, + { + "name": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34509", + "refsource": "CONFIRM", + "url": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34509" + }, + { + "name": "21320", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21320" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4429.json b/2006/4xxx/CVE-2006-4429.json index ed519e7fbf2..be54fa23b89 100644 --- a/2006/4xxx/CVE-2006-4429.json +++ b/2006/4xxx/CVE-2006-4429.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4429", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** PHP remote file inclusion vulnerability in handlers/email/mod.output.php in PHlyMail Lite 3.4.4 and earlier (Build 3.04.04) allows remote attackers to execute arbitrary PHP code via a URL in the _PM_[path][handler] parameter, a different vector than CVE-2006-4291. NOTE: This issue has been disputed by a third party, who states that the _IN_PHM_ declaration prevents this file from being called directly." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4429", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060818 PHlyMail Lite [PM_[path][lib]=] Remote File Include Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=115629049105999&w=2" - }, - { - "name" : "20060826 Re:PHlyMail Lite [PM_[path][lib]=] Remote File Include Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/444215/100/0/threaded" - }, - { - "name" : "29355", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/29355" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** PHP remote file inclusion vulnerability in handlers/email/mod.output.php in PHlyMail Lite 3.4.4 and earlier (Build 3.04.04) allows remote attackers to execute arbitrary PHP code via a URL in the _PM_[path][handler] parameter, a different vector than CVE-2006-4291. NOTE: This issue has been disputed by a third party, who states that the _IN_PHM_ declaration prevents this file from being called directly." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060818 PHlyMail Lite [PM_[path][lib]=] Remote File Include Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=115629049105999&w=2" + }, + { + "name": "29355", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/29355" + }, + { + "name": "20060826 Re:PHlyMail Lite [PM_[path][lib]=] Remote File Include Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/444215/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4555.json b/2006/4xxx/CVE-2006-4555.json index ecdc93cf04f..f616e31168f 100644 --- a/2006/4xxx/CVE-2006-4555.json +++ b/2006/4xxx/CVE-2006-4555.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4555", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the Retro64 / Miniclip CR64Loader ActiveX control allows remote attackers to execute arbitrary code via unspecified vectors involving an HTML document that references the CLSID of the control." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4555", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#649289", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/649289" - }, - { - "name" : "19810", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19810" - }, - { - "name" : "ADV-2006-3434", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3434" - }, - { - "name" : "1016781", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016781" - }, - { - "name" : "21743", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21743" - }, - { - "name" : "cr64loader-activex-bo(28735)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28735" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the Retro64 / Miniclip CR64Loader ActiveX control allows remote attackers to execute arbitrary code via unspecified vectors involving an HTML document that references the CLSID of the control." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#649289", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/649289" + }, + { + "name": "21743", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21743" + }, + { + "name": "cr64loader-activex-bo(28735)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28735" + }, + { + "name": "ADV-2006-3434", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3434" + }, + { + "name": "1016781", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016781" + }, + { + "name": "19810", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19810" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4648.json b/2006/4xxx/CVE-2006-4648.json index 38db5bd1cb5..2faaecfa93f 100644 --- a/2006/4xxx/CVE-2006-4648.json +++ b/2006/4xxx/CVE-2006-4648.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4648", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in bp_ncom.php in BinGo News (BP News) 3.01 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the bnrep parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4648", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060907 BinGoPHP News <= 3.01 [bnrep] Remote File Include Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/445506/100/0/threaded" - }, - { - "name" : "2312", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2312" - }, - { - "name" : "19877", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19877" - }, - { - "name" : "ADV-2006-3494", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3494" - }, - { - "name" : "1016811", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016811" - }, - { - "name" : "21804", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21804" - }, - { - "name" : "bingo-bpncom-file-include(28769)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28769" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in bp_ncom.php in BinGo News (BP News) 3.01 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the bnrep parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "bingo-bpncom-file-include(28769)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28769" + }, + { + "name": "21804", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21804" + }, + { + "name": "2312", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2312" + }, + { + "name": "ADV-2006-3494", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3494" + }, + { + "name": "1016811", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016811" + }, + { + "name": "19877", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19877" + }, + { + "name": "20060907 BinGoPHP News <= 3.01 [bnrep] Remote File Include Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/445506/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4744.json b/2006/4xxx/CVE-2006-4744.json index eb6b89fb828..925f716ecf3 100644 --- a/2006/4xxx/CVE-2006-4744.json +++ b/2006/4xxx/CVE-2006-4744.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4744", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Abidia (1) O-Anywhere and (2) Abidia Wireless transmit authentication credentials in cleartext, which allows remote attackers to obtain sensitive information by sniffing." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4744", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060907 Airscanner Mobile Security Advisory #06070101: Abidia & OAnywhere (All versions)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/445608/100/0/threaded" - }, - { - "name" : "http://www.airscanner.com/security/06070101_abidia_oanywhere.htm", - "refsource" : "MISC", - "url" : "http://www.airscanner.com/security/06070101_abidia_oanywhere.htm" - }, - { - "name" : "1560", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1560" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Abidia (1) O-Anywhere and (2) Abidia Wireless transmit authentication credentials in cleartext, which allows remote attackers to obtain sensitive information by sniffing." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1560", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1560" + }, + { + "name": "20060907 Airscanner Mobile Security Advisory #06070101: Abidia & OAnywhere (All versions)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/445608/100/0/threaded" + }, + { + "name": "http://www.airscanner.com/security/06070101_abidia_oanywhere.htm", + "refsource": "MISC", + "url": "http://www.airscanner.com/security/06070101_abidia_oanywhere.htm" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6085.json b/2006/6xxx/CVE-2006-6085.json index 3e5558d3cb1..5b1de840ad7 100644 --- a/2006/6xxx/CVE-2006-6085.json +++ b/2006/6xxx/CVE-2006-6085.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6085", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Kile before 1.9.3 does not assign a backup file the same permissions as the original file, which might allow local users to obtain sensitive information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6085", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=464713", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=464713" - }, - { - "name" : "GLSA-200611-21", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200611-21.xml" - }, - { - "name" : "21200", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21200" - }, - { - "name" : "ADV-2006-4615", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4615" - }, - { - "name" : "23035", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23035" - }, - { - "name" : "23099", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23099" - }, - { - "name" : "kile-backup-insecure-permission(30414)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30414" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Kile before 1.9.3 does not assign a backup file the same permissions as the original file, which might allow local users to obtain sensitive information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "kile-backup-insecure-permission(30414)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30414" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=464713", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=464713" + }, + { + "name": "21200", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21200" + }, + { + "name": "ADV-2006-4615", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4615" + }, + { + "name": "GLSA-200611-21", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200611-21.xml" + }, + { + "name": "23099", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23099" + }, + { + "name": "23035", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23035" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6183.json b/2006/6xxx/CVE-2006-6183.json index a6ab198d27d..dbdf435a6e9 100644 --- a/2006/6xxx/CVE-2006-6183.json +++ b/2006/6xxx/CVE-2006-6183.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6183", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple stack-based buffer overflows in 3Com 3CTftpSvc 2.0.1, and possibly earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a long mode field (aka transporting mode) in a (1) GET or (2) PUT command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6183", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061126 TFTP Server 3CTftpSvc Buffer Overflow Vulnerability (Long transporting mode)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/452754/100/0/threaded" - }, - { - "name" : "21322", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21322" - }, - { - "name" : "21301", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21301" - }, - { - "name" : "ADV-2006-4738", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4738" - }, - { - "name" : "23113", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23113" - }, - { - "name" : "1930", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1930" - }, - { - "name" : "3ctftpsvc-transporting-mode-bo(30545)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30545" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple stack-based buffer overflows in 3Com 3CTftpSvc 2.0.1, and possibly earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a long mode field (aka transporting mode) in a (1) GET or (2) PUT command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-4738", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4738" + }, + { + "name": "21301", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21301" + }, + { + "name": "3ctftpsvc-transporting-mode-bo(30545)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30545" + }, + { + "name": "21322", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21322" + }, + { + "name": "1930", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1930" + }, + { + "name": "23113", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23113" + }, + { + "name": "20061126 TFTP Server 3CTftpSvc Buffer Overflow Vulnerability (Long transporting mode)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/452754/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6220.json b/2006/6xxx/CVE-2006-6220.json index bcf024da416..621b62f65cf 100644 --- a/2006/6xxx/CVE-2006-6220.json +++ b/2006/6xxx/CVE-2006-6220.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6220", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Recipes Website (Recipes Complete Website) 1.1.14 allow remote attackers to execute arbitrary SQL commands via the (1) recipeid parameter to recipe.php or the (2) categoryid parameter to list.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6220", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2834", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2834" - }, - { - "name" : "21270", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21270" - }, - { - "name" : "ADV-2006-4686", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4686" - }, - { - "name" : "23083", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23083" - }, - { - "name" : "recipes-list-sql-injection(30509)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30509" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Recipes Website (Recipes Complete Website) 1.1.14 allow remote attackers to execute arbitrary SQL commands via the (1) recipeid parameter to recipe.php or the (2) categoryid parameter to list.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21270", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21270" + }, + { + "name": "23083", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23083" + }, + { + "name": "2834", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2834" + }, + { + "name": "recipes-list-sql-injection(30509)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30509" + }, + { + "name": "ADV-2006-4686", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4686" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6977.json b/2006/6xxx/CVE-2006-6977.json index 8de3784931b..d7794e41f52 100644 --- a/2006/6xxx/CVE-2006-6977.json +++ b/2006/6xxx/CVE-2006-6977.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6977", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the \"Basic Toolbar Selection\" in FreeTextBox allows remote attackers to execute arbitrary JavaScript via the javascript: URI in the (1) href or (2) onmouseover attribute of the A HTML tag." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6977", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060514 XSS in FreeTextBox and FCKEditor Basic Toolbar Selection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/434006/30/4980/threaded" - }, - { - "name" : "http://www.newffr.com/viewtopic.php?forum=26&topic=11683", - "refsource" : "MISC", - "url" : "http://www.newffr.com/viewtopic.php?forum=26&topic=11683" - }, - { - "name" : "freetextbox-fckeditor-javascipt-xss(26539)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26539" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the \"Basic Toolbar Selection\" in FreeTextBox allows remote attackers to execute arbitrary JavaScript via the javascript: URI in the (1) href or (2) onmouseover attribute of the A HTML tag." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.newffr.com/viewtopic.php?forum=26&topic=11683", + "refsource": "MISC", + "url": "http://www.newffr.com/viewtopic.php?forum=26&topic=11683" + }, + { + "name": "freetextbox-fckeditor-javascipt-xss(26539)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26539" + }, + { + "name": "20060514 XSS in FreeTextBox and FCKEditor Basic Toolbar Selection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/434006/30/4980/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2260.json b/2010/2xxx/CVE-2010-2260.json index 97cf3f3e5f0..a0a8d6d420a 100644 --- a/2010/2xxx/CVE-2010-2260.json +++ b/2010/2xxx/CVE-2010-2260.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2260", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Gambit Design Bandwidth Meter, 0.72 and possibly 1.2, allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) view_by_name.php or (2) view_by_ip.php in admin/. NOTE: some sources report that the affected product is ShaPlus Bandwidth Meter, but this is incorrect." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2260", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "10926", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/10926" - }, - { - "name" : "http://packetstormsecurity.org/1001-exploits/bandwidthmeter-xss.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/1001-exploits/bandwidthmeter-xss.txt" - }, - { - "name" : "38012", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38012" - }, - { - "name" : "bandwidthmeter-viewby-xss(55307)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55307" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Gambit Design Bandwidth Meter, 0.72 and possibly 1.2, allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) view_by_name.php or (2) view_by_ip.php in admin/. NOTE: some sources report that the affected product is ShaPlus Bandwidth Meter, but this is incorrect." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "bandwidthmeter-viewby-xss(55307)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55307" + }, + { + "name": "38012", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38012" + }, + { + "name": "10926", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/10926" + }, + { + "name": "http://packetstormsecurity.org/1001-exploits/bandwidthmeter-xss.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/1001-exploits/bandwidthmeter-xss.txt" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2303.json b/2010/2xxx/CVE-2010-2303.json index f59a48321c3..c7fd6e8e29b 100644 --- a/2010/2xxx/CVE-2010-2303.json +++ b/2010/2xxx/CVE-2010-2303.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2303", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-1772. Reason: This candidate is a duplicate of CVE-2010-1772. Notes: All CVE users should reference CVE-2010-1772 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2010-2303", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-1772. Reason: This candidate is a duplicate of CVE-2010-1772. Notes: All CVE users should reference CVE-2010-1772 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2422.json b/2010/2xxx/CVE-2010-2422.json index a8866fef9c4..eb59cd18639 100644 --- a/2010/2xxx/CVE-2010-2422.json +++ b/2010/2xxx/CVE-2010-2422.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2422", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in PortalTransforms in Plone 2.1 through 3.3.4 before hotfix 20100612 allows remote attackers to inject arbitrary web script or HTML via the safe_html transform." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2422", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://plone.org/products/plone/security/advisories/cve-2010-unassigned-html-injection-in-safe_html", - "refsource" : "CONFIRM", - "url" : "http://plone.org/products/plone/security/advisories/cve-2010-unassigned-html-injection-in-safe_html" - }, - { - "name" : "40999", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40999" - }, - { - "name" : "40270", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40270" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in PortalTransforms in Plone 2.1 through 3.3.4 before hotfix 20100612 allows remote attackers to inject arbitrary web script or HTML via the safe_html transform." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "40270", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40270" + }, + { + "name": "40999", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40999" + }, + { + "name": "http://plone.org/products/plone/security/advisories/cve-2010-unassigned-html-injection-in-safe_html", + "refsource": "CONFIRM", + "url": "http://plone.org/products/plone/security/advisories/cve-2010-unassigned-html-injection-in-safe_html" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2973.json b/2010/2xxx/CVE-2010-2973.json index aa9939b89c4..4fbe32d476b 100644 --- a/2010/2xxx/CVE-2010-2973.json +++ b/2010/2xxx/CVE-2010-2973.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2973", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in IOSurface in Apple iOS before 4.0.2 on the iPhone and iPod touch, and before 3.2.2 on the iPad, allows local users to gain privileges via vectors involving IOSurface properties, as demonstrated by JailbreakMe." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2973", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "14538", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/14538" - }, - { - "name" : "http://support.apple.com/kb/HT4291", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4291" - }, - { - "name" : "http://support.apple.com/kb/HT4292", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4292" - }, - { - "name" : "APPLE-SA-2010-08-11-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Aug/msg00000.html" - }, - { - "name" : "APPLE-SA-2010-08-11-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2010//Aug/msg00001.html" - }, - { - "name" : "42151", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/42151" - }, - { - "name" : "66827", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/66827" - }, - { - "name" : "40807", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40807" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in IOSurface in Apple iOS before 4.0.2 on the iPhone and iPod touch, and before 3.2.2 on the iPad, allows local users to gain privileges via vectors involving IOSurface properties, as demonstrated by JailbreakMe." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14538", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/14538" + }, + { + "name": "66827", + "refsource": "OSVDB", + "url": "http://osvdb.org/66827" + }, + { + "name": "APPLE-SA-2010-08-11-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Aug/msg00001.html" + }, + { + "name": "http://support.apple.com/kb/HT4292", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4292" + }, + { + "name": "42151", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/42151" + }, + { + "name": "http://support.apple.com/kb/HT4291", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4291" + }, + { + "name": "APPLE-SA-2010-08-11-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2010//Aug/msg00000.html" + }, + { + "name": "40807", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40807" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0095.json b/2011/0xxx/CVE-2011-0095.json index 5549f7f6f20..8aec8588d7b 100644 --- a/2011/0xxx/CVE-2011-0095.json +++ b/2011/0xxx/CVE-2011-0095.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0095", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2011-0095", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0326.json b/2011/0xxx/CVE-2011-0326.json index 6ee1125084c..ed60459f067 100644 --- a/2011/0xxx/CVE-2011-0326.json +++ b/2011/0xxx/CVE-2011-0326.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0326", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0326", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1207.json b/2011/1xxx/CVE-2011-1207.json index f7d3eac2b60..7d1bc528b02 100644 --- a/2011/1xxx/CVE-2011-1207.json +++ b/2011/1xxx/CVE-2011-1207.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1207", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ActiveBar1 ActiveX control in the Data Dynamics ActiveBar ActiveX controls, as distributed in ActBar.ocx 1.0.6.5 in IBM Rational System Architect 11.4.0.2, 11.4.0.1, and earlier, does not properly restrict the SetLayoutData method, which allows remote attackers to execute arbitrary code via a crafted Data argument, a different vulnerability than CVE-2007-3883. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1207", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/docview.wss?uid=swg21497689", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/docview.wss?uid=swg21497689" - }, - { - "name" : "47643", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47643" - }, - { - "name" : "1025464", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1025464" - }, - { - "name" : "43399", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43399" - }, - { - "name" : "43474", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43474" - }, - { - "name" : "ADV-2011-1129", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/1129" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ActiveBar1 ActiveX control in the Data Dynamics ActiveBar ActiveX controls, as distributed in ActBar.ocx 1.0.6.5 in IBM Rational System Architect 11.4.0.2, 11.4.0.1, and earlier, does not properly restrict the SetLayoutData method, which allows remote attackers to execute arbitrary code via a crafted Data argument, a different vulnerability than CVE-2007-3883. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1025464", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1025464" + }, + { + "name": "43474", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43474" + }, + { + "name": "ADV-2011-1129", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/1129" + }, + { + "name": "43399", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43399" + }, + { + "name": "47643", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47643" + }, + { + "name": "https://www.ibm.com/support/docview.wss?uid=swg21497689", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/docview.wss?uid=swg21497689" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1248.json b/2011/1xxx/CVE-2011-1248.json index 4626b59180d..5067797b312 100644 --- a/2011/1xxx/CVE-2011-1248.json +++ b/2011/1xxx/CVE-2011-1248.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1248", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WINS in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, R2, and R2 SP1 does not properly handle socket send exceptions, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted packets, related to unintended stack-frame values and buffer passing, aka \"WINS Service Failed Response Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2011-1248", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS11-035", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-035" - }, - { - "name" : "oval:org.mitre.oval:def:12724", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12724" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WINS in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, R2, and R2 SP1 does not properly handle socket send exceptions, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted packets, related to unintended stack-frame values and buffer passing, aka \"WINS Service Failed Response Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:12724", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12724" + }, + { + "name": "MS11-035", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-035" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4169.json b/2011/4xxx/CVE-2011-4169.json index ed0d2d3201f..c66526bf0a9 100644 --- a/2011/4xxx/CVE-2011-4169.json +++ b/2011/4xxx/CVE-2011-4169.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4169", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in HP Managed Printing Administration before 2.6.4 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2011-4169", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBPI02732", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03128469" - }, - { - "name" : "SSRT100435", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03128469" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in HP Managed Printing Administration before 2.6.4 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBPI02732", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03128469" + }, + { + "name": "SSRT100435", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03128469" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4172.json b/2011/4xxx/CVE-2011-4172.json index 4fd60a37d77..ba8e237286d 100644 --- a/2011/4xxx/CVE-2011-4172.json +++ b/2011/4xxx/CVE-2011-4172.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4172", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in KENT-WEB WEB FORUM before 5.1 allow remote attackers to inject arbitrary web script or HTML via (1) an e-mail address field or (2) a cookie, a related issue to CVE-2011-3383, CVE-2011-3983, and CVE-2011-3984." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4172", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.kent-web.com/bbs/wforum.html", - "refsource" : "CONFIRM", - "url" : "http://www.kent-web.com/bbs/wforum.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in KENT-WEB WEB FORUM before 5.1 allow remote attackers to inject arbitrary web script or HTML via (1) an e-mail address field or (2) a cookie, a related issue to CVE-2011-3383, CVE-2011-3983, and CVE-2011-3984." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.kent-web.com/bbs/wforum.html", + "refsource": "CONFIRM", + "url": "http://www.kent-web.com/bbs/wforum.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4824.json b/2011/4xxx/CVE-2011-4824.json index 49f78e01e8a..10ad33ef886 100644 --- a/2011/4xxx/CVE-2011-4824.json +++ b/2011/4xxx/CVE-2011-4824.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4824", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in auth_login.php in Cacti before 0.8.7h allows remote attackers to execute arbitrary SQL commands via the login_username parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4824", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://svn.cacti.net/viewvc?view=rev&revision=6807", - "refsource" : "CONFIRM", - "url" : "http://svn.cacti.net/viewvc?view=rev&revision=6807" - }, - { - "name" : "http://www.cacti.net/release_notes_0_8_7h.php", - "refsource" : "CONFIRM", - "url" : "http://www.cacti.net/release_notes_0_8_7h.php" - }, - { - "name" : "http://bugs.cacti.net/view.php?id=2062", - "refsource" : "CONFIRM", - "url" : "http://bugs.cacti.net/view.php?id=2062" - }, - { - "name" : "http://forums.cacti.net/viewtopic.php?f=21&t=44116", - "refsource" : "CONFIRM", - "url" : "http://forums.cacti.net/viewtopic.php?f=21&t=44116" - }, - { - "name" : "FEDORA-2011-15032", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069126.html" - }, - { - "name" : "FEDORA-2011-15071", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069141.html" - }, - { - "name" : "FEDORA-2011-15110", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069137.html" - }, - { - "name" : "50671", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/50671" - }, - { - "name" : "44133", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44133" - }, - { - "name" : "46876", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46876" - }, - { - "name" : "cacti-unspecified-sql-injection(71326)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71326" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in auth_login.php in Cacti before 0.8.7h allows remote attackers to execute arbitrary SQL commands via the login_username parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugs.cacti.net/view.php?id=2062", + "refsource": "CONFIRM", + "url": "http://bugs.cacti.net/view.php?id=2062" + }, + { + "name": "46876", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46876" + }, + { + "name": "http://forums.cacti.net/viewtopic.php?f=21&t=44116", + "refsource": "CONFIRM", + "url": "http://forums.cacti.net/viewtopic.php?f=21&t=44116" + }, + { + "name": "50671", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/50671" + }, + { + "name": "http://www.cacti.net/release_notes_0_8_7h.php", + "refsource": "CONFIRM", + "url": "http://www.cacti.net/release_notes_0_8_7h.php" + }, + { + "name": "FEDORA-2011-15071", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069141.html" + }, + { + "name": "http://svn.cacti.net/viewvc?view=rev&revision=6807", + "refsource": "CONFIRM", + "url": "http://svn.cacti.net/viewvc?view=rev&revision=6807" + }, + { + "name": "FEDORA-2011-15110", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069137.html" + }, + { + "name": "44133", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44133" + }, + { + "name": "cacti-unspecified-sql-injection(71326)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71326" + }, + { + "name": "FEDORA-2011-15032", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069126.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5044.json b/2011/5xxx/CVE-2011-5044.json index 8798cda7512..ff94df9b503 100644 --- a/2011/5xxx/CVE-2011-5044.json +++ b/2011/5xxx/CVE-2011-5044.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5044", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SopCast 3.4.7.45585 uses weak permissions (Everyone:Full Control) for Diagnose.exe, which allows local users to execute arbitrary code by replacing Diagnose.exe with a Trojan horse program." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5044", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "18201", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18201" - }, - { - "name" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5062.php", - "refsource" : "MISC", - "url" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5062.php" - }, - { - "name" : "77724", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/77724" - }, - { - "name" : "40940", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40940" - }, - { - "name" : "sopcast-diagnose-priv-esc(71622)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71622" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SopCast 3.4.7.45585 uses weak permissions (Everyone:Full Control) for Diagnose.exe, which allows local users to execute arbitrary code by replacing Diagnose.exe with a Trojan horse program." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "sopcast-diagnose-priv-esc(71622)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71622" + }, + { + "name": "77724", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/77724" + }, + { + "name": "18201", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18201" + }, + { + "name": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5062.php", + "refsource": "MISC", + "url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5062.php" + }, + { + "name": "40940", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40940" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5374.json b/2011/5xxx/CVE-2011-5374.json index 07880ac7189..f1d5d57407e 100644 --- a/2011/5xxx/CVE-2011-5374.json +++ b/2011/5xxx/CVE-2011-5374.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5374", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5374", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2619.json b/2014/2xxx/CVE-2014-2619.json index 3493b5175ef..f985b5cd9d1 100644 --- a/2014/2xxx/CVE-2014-2619.json +++ b/2014/2xxx/CVE-2014-2619.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2619", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in HP Intelligent Management Center (iMC) before 7.0 E02020P03 and Branch Intelligent Management System (BIMS) before 7.0 E0201P02 allows remote attackers to obtain sensitive information via unknown vectors, aka ZDI-CAN-2088." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2014-2619", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBHF02913", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04369484" - }, - { - "name" : "SSRT101408", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04369484" - }, - { - "name" : "68543", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68543" - }, - { - "name" : "1030568", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030568" - }, - { - "name" : "hp-imc-cve20142619-info-disc(94489)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94489" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in HP Intelligent Management Center (iMC) before 7.0 E02020P03 and Branch Intelligent Management System (BIMS) before 7.0 E0201P02 allows remote attackers to obtain sensitive information via unknown vectors, aka ZDI-CAN-2088." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "hp-imc-cve20142619-info-disc(94489)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94489" + }, + { + "name": "HPSBHF02913", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04369484" + }, + { + "name": "68543", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68543" + }, + { + "name": "1030568", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030568" + }, + { + "name": "SSRT101408", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04369484" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2768.json b/2014/2xxx/CVE-2014-2768.json index f9070cb0d4c..696a4dafcbe 100644 --- a/2014/2xxx/CVE-2014-2768.json +++ b/2014/2xxx/CVE-2014-2768.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2768", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2773." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-2768", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS14-035", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-035" - }, - { - "name" : "67852", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67852" - }, - { - "name" : "1030370", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030370" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2773." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "67852", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67852" + }, + { + "name": "1030370", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030370" + }, + { + "name": "MS14-035", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-035" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2774.json b/2014/2xxx/CVE-2014-2774.json index 6176b73c480..be36e737260 100644 --- a/2014/2xxx/CVE-2014-2774.json +++ b/2014/2xxx/CVE-2014-2774.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2774", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2820, CVE-2014-2826, CVE-2014-2827, and CVE-2014-4063." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-2774", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS14-051", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-051" - }, - { - "name" : "69090", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69090" - }, - { - "name" : "1030715", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030715" - }, - { - "name" : "60670", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60670" - }, - { - "name" : "ms-ie-cve20142774-code-exec(94966)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94966" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2820, CVE-2014-2826, CVE-2014-2827, and CVE-2014-4063." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1030715", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030715" + }, + { + "name": "ms-ie-cve20142774-code-exec(94966)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94966" + }, + { + "name": "MS14-051", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-051" + }, + { + "name": "69090", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69090" + }, + { + "name": "60670", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60670" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2964.json b/2014/2xxx/CVE-2014-2964.json index 443107f529e..60b4f1b1da1 100644 --- a/2014/2xxx/CVE-2014-2964.json +++ b/2014/2xxx/CVE-2014-2964.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2964", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cobham Aviator 700D and 700E satellite terminals have hardcoded passwords for the (1) debug, (2) prod, (3) do160, and (4) flrp programs, which allows physically proximate attackers to gain privileges by sending a password over a serial line." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-2964", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#882207", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/882207" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cobham Aviator 700D and 700E satellite terminals have hardcoded passwords for the (1) debug, (2) prod, (3) do160, and (4) flrp programs, which allows physically proximate attackers to gain privileges by sending a password over a serial line." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#882207", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/882207" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3757.json b/2014/3xxx/CVE-2014-3757.json index 7fdf52ad1b0..b3f136906d8 100644 --- a/2014/3xxx/CVE-2014-3757.json +++ b/2014/3xxx/CVE-2014-3757.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3757", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in sorter.php in the phpManufaktur kitForm extension 0.43 and earlier for the KeepInTouch (KIT) module allows remote attackers to execute arbitrary SQL commands via the sorter_value parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3757", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140420 phpManufaktur / kitForm Unauthenticated SQL Injection Vulnerability", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Apr/249" - }, - { - "name" : "67000", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67000" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in sorter.php in the phpManufaktur kitForm extension 0.43 and earlier for the KeepInTouch (KIT) module allows remote attackers to execute arbitrary SQL commands via the sorter_value parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "67000", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67000" + }, + { + "name": "20140420 phpManufaktur / kitForm Unauthenticated SQL Injection Vulnerability", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Apr/249" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6095.json b/2014/6xxx/CVE-2014-6095.json index 3ebcb5290a6..8e4ff5ce314 100644 --- a/2014/6xxx/CVE-2014-6095.json +++ b/2014/6xxx/CVE-2014-6095.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6095", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to read arbitrary files via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-6095", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21689779", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21689779" - }, - { - "name" : "IV66496", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66496" - }, - { - "name" : "IV66624", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66624" - }, - { - "name" : "IV66635", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66635" - }, - { - "name" : "IV66637", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66637" - }, - { - "name" : "IV66642", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66642" - }, - { - "name" : "IV66645", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66645" - }, - { - "name" : "62363", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62363" - }, - { - "name" : "ibm-sim-cve20146095-dir-traversal(95943)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95943" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to read arbitrary files via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "IV66624", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66624" + }, + { + "name": "IV66642", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66642" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21689779", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21689779" + }, + { + "name": "IV66635", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66635" + }, + { + "name": "IV66496", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66496" + }, + { + "name": "62363", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62363" + }, + { + "name": "ibm-sim-cve20146095-dir-traversal(95943)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95943" + }, + { + "name": "IV66637", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66637" + }, + { + "name": "IV66645", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV66645" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6483.json b/2014/6xxx/CVE-2014-6483.json index 4b3605150ab..fb06f63806b 100644 --- a/2014/6xxx/CVE-2014-6483.json +++ b/2014/6xxx/CVE-2014-6483.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6483", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Application Express component in Oracle Database Server before 4.2.6 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-6483", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" - }, - { - "name" : "70480", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70480" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Application Express component in Oracle Database Server before 4.2.6 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "70480", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70480" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6537.json b/2014/6xxx/CVE-2014-6537.json index b5ca1d17e12..d1fa48232d4 100644 --- a/2014/6xxx/CVE-2014-6537.json +++ b/2014/6xxx/CVE-2014-6537.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6537", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-6537", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" - }, - { - "name" : "70492", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70492" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "70492", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70492" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6734.json b/2014/6xxx/CVE-2014-6734.json index 99bb5c0de2f..d5d79e1e126 100644 --- a/2014/6xxx/CVE-2014-6734.json +++ b/2014/6xxx/CVE-2014-6734.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6734", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Wine Making (aka com.gcspublishing.winemakingtalk) application 3.7.15 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6734", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#592265", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/592265" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Wine Making (aka com.gcspublishing.winemakingtalk) application 3.7.15 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#592265", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/592265" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7373.json b/2014/7xxx/CVE-2014-7373.json index 457bf84df72..e820ea0b02d 100644 --- a/2014/7xxx/CVE-2014-7373.json +++ b/2014/7xxx/CVE-2014-7373.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7373", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Inspire Weddings (aka com.magzter.inspireweddings) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7373", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#462465", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/462465" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Inspire Weddings (aka com.magzter.inspireweddings) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#462465", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/462465" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7477.json b/2014/7xxx/CVE-2014-7477.json index f64c72b2671..a6f1e984bb4 100644 --- a/2014/7xxx/CVE-2014-7477.json +++ b/2014/7xxx/CVE-2014-7477.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7477", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-7477", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7588.json b/2014/7xxx/CVE-2014-7588.json index 310d030f0e0..dfe9aed827a 100644 --- a/2014/7xxx/CVE-2014-7588.json +++ b/2014/7xxx/CVE-2014-7588.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7588", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-7588", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0881.json b/2017/0xxx/CVE-2017-0881.json index 76b22f2e6fd..be85314a978 100644 --- a/2017/0xxx/CVE-2017-0881.json +++ b/2017/0xxx/CVE-2017-0881.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "ID" : "CVE-2017-0881", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Zulip Server Versions 1.4.2 and below", - "version" : { - "version_data" : [ - { - "version_value" : "Zulip Server Versions 1.4.2 and below" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An error in the implementation of an autosubscribe feature in the check_stream_exists route of the Zulip group chat application server before 1.4.3 allowed an authenticated user to subscribe to a private stream that should have required an invitation from an existing member to join. The issue affects all previously released versions of the Zulip server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Exposure (CWE-200)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "ID": "CVE-2017-0881", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Zulip Server Versions 1.4.2 and below", + "version": { + "version_data": [ + { + "version_value": "Zulip Server Versions 1.4.2 and below" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/zulip/zulip/commit/7ecda1ac8e26d8fb3725e954b2dc4723dda2255f", - "refsource" : "MISC", - "url" : "https://github.com/zulip/zulip/commit/7ecda1ac8e26d8fb3725e954b2dc4723dda2255f" - }, - { - "name" : "https://groups.google.com/d/msg/zulip-announce/VyawgRuoY34/NTBwnTArGwAJ", - "refsource" : "MISC", - "url" : "https://groups.google.com/d/msg/zulip-announce/VyawgRuoY34/NTBwnTArGwAJ" - }, - { - "name" : "97159", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97159" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An error in the implementation of an autosubscribe feature in the check_stream_exists route of the Zulip group chat application server before 1.4.3 allowed an authenticated user to subscribe to a private stream that should have required an invitation from an existing member to join. The issue affects all previously released versions of the Zulip server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Exposure (CWE-200)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "97159", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97159" + }, + { + "name": "https://groups.google.com/d/msg/zulip-announce/VyawgRuoY34/NTBwnTArGwAJ", + "refsource": "MISC", + "url": "https://groups.google.com/d/msg/zulip-announce/VyawgRuoY34/NTBwnTArGwAJ" + }, + { + "name": "https://github.com/zulip/zulip/commit/7ecda1ac8e26d8fb3725e954b2dc4723dda2255f", + "refsource": "MISC", + "url": "https://github.com/zulip/zulip/commit/7ecda1ac8e26d8fb3725e954b2dc4723dda2255f" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18030.json b/2017/18xxx/CVE-2017-18030.json index a4fc1ca4839..9d6f64f0484 100644 --- a/2017/18xxx/CVE-2017-18030.json +++ b/2017/18xxx/CVE-2017-18030.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-18030", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The cirrus_invalidate_region function in hw/display/cirrus_vga.c in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors related to negative pitch." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-18030", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20180115 CVE-2017-18030 Qemu: Out-of-bounds access in cirrus_invalidate_region routine", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2018/01/15/3" - }, - { - "name" : "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html" - }, - { - "name" : "https://git.qemu.org/?p=qemu.git;a=commit;h=f153b563f8cf121aebf5a2fff5f0110faf58ccb3", - "refsource" : "CONFIRM", - "url" : "https://git.qemu.org/?p=qemu.git;a=commit;h=f153b563f8cf121aebf5a2fff5f0110faf58ccb3" - }, - { - "name" : "102520", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102520" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The cirrus_invalidate_region function in hw/display/cirrus_vga.c in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors related to negative pitch." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html" + }, + { + "name": "[oss-security] 20180115 CVE-2017-18030 Qemu: Out-of-bounds access in cirrus_invalidate_region routine", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2018/01/15/3" + }, + { + "name": "102520", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102520" + }, + { + "name": "https://git.qemu.org/?p=qemu.git;a=commit;h=f153b563f8cf121aebf5a2fff5f0110faf58ccb3", + "refsource": "CONFIRM", + "url": "https://git.qemu.org/?p=qemu.git;a=commit;h=f153b563f8cf121aebf5a2fff5f0110faf58ccb3" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18129.json b/2017/18xxx/CVE-2017-18129.json index 5a5e7cc0452..fc210be48f2 100644 --- a/2017/18xxx/CVE-2017-18129.json +++ b/2017/18xxx/CVE-2017-18129.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-04-02T00:00:00", - "ID" : "CVE-2017-18129", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Automobile, Snapdragon Mobile", - "version" : { - "version_data" : [ - { - "version_value" : "MDM9206, MDM9607, SD 845, MSM8996, MSM8998" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile and Snapdragon Mobile MDM9206, MDM9607, SD 845, MSM8996, MSM8998, it is possible for IPA (internet protocol accelerator) channels owned by one security domain to be controlled from other domains." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Access Control in TrustZone." - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-04-02T00:00:00", + "ID": "CVE-2017-18129", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Automobile, Snapdragon Mobile", + "version": { + "version_data": [ + { + "version_value": "MDM9206, MDM9607, SD 845, MSM8996, MSM8998" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-04-01" - }, - { - "name" : "103671", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103671" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile and Snapdragon Mobile MDM9206, MDM9607, SD 845, MSM8996, MSM8998, it is possible for IPA (internet protocol accelerator) channels owned by one security domain to be controlled from other domains." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Access Control in TrustZone." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2018-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-04-01" + }, + { + "name": "103671", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103671" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1004.json b/2017/1xxx/CVE-2017-1004.json index c1c1e89df16..d15e69c1fe6 100644 --- a/2017/1xxx/CVE-2017-1004.json +++ b/2017/1xxx/CVE-2017-1004.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1004", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1004", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1029.json b/2017/1xxx/CVE-2017-1029.json index 02668343a17..4186d03305b 100644 --- a/2017/1xxx/CVE-2017-1029.json +++ b/2017/1xxx/CVE-2017-1029.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1029", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1029", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1460.json b/2017/1xxx/CVE-2017-1460.json index d86800ba4c0..5ce5b919ad3 100644 --- a/2017/1xxx/CVE-2017-1460.json +++ b/2017/1xxx/CVE-2017-1460.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2017-07-27T00:00:00", - "ID" : "CVE-2017-1460", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "i", - "version" : { - "version_data" : [ - { - "version_value" : "6.1" - }, - { - "version_value" : "7.1" - }, - { - "version_value" : "7.2" - }, - { - "version_value" : "7.3" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM i OSPF 6.1, 7.1, 7.2, and 7.3 is vulnerable when a rogue router spoofs its origin. Routing tables are affected by a missing LSA, which may lead to loss of connectivity. IBM X-Force ID: 128379." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2017-07-27T00:00:00", + "ID": "CVE-2017-1460", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "i", + "version": { + "version_data": [ + { + "version_value": "6.1" + }, + { + "version_value": "7.1" + }, + { + "version_value": "7.2" + }, + { + "version_value": "7.3" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=nas8N1022191", - "refsource" : "MISC", - "url" : "http://www.ibm.com/support/docview.wss?uid=nas8N1022191" - }, - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/128379", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/128379" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM i OSPF 6.1, 7.1, 7.2, and 7.3 is vulnerable when a rogue router spoofs its origin. Routing tables are affected by a missing LSA, which may lead to loss of connectivity. IBM X-Force ID: 128379." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=nas8N1022191", + "refsource": "MISC", + "url": "http://www.ibm.com/support/docview.wss?uid=nas8N1022191" + }, + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128379", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128379" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1923.json b/2017/1xxx/CVE-2017-1923.json index 363f25b2ceb..252c5f13a97 100644 --- a/2017/1xxx/CVE-2017-1923.json +++ b/2017/1xxx/CVE-2017-1923.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1923", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-1923", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5348.json b/2017/5xxx/CVE-2017-5348.json index fc41e63687b..7b3eeaaa058 100644 --- a/2017/5xxx/CVE-2017-5348.json +++ b/2017/5xxx/CVE-2017-5348.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5348", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5348", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5663.json b/2017/5xxx/CVE-2017-5663.json index 7bd2c8ae59b..c5de84cf6f0 100644 --- a/2017/5xxx/CVE-2017-5663.json +++ b/2017/5xxx/CVE-2017-5663.json @@ -1,69 +1,69 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "DATE_PUBLIC" : "2017-12-13T00:00:00", - "ID" : "CVE-2017-5663", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache Fineract", - "version" : { - "version_data" : [ - { - "version_value" : "0.4.0-incubating" - }, - { - "version_value" : "0.5.0-incubating" - }, - { - "version_value" : "0.6.0-incubating" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Apache Fineract 0.4.0-incubating, 0.5.0-incubating, and 0.6.0-incubating, an authenticated user with client/loan/center/staff/group read permissions is able to inject malicious SQL into SELECT queries. The 'sqlSearch' parameter on a number of endpoints is not sanitized and appended directly to the query." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "SQL Injection Vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "DATE_PUBLIC": "2017-12-13T00:00:00", + "ID": "CVE-2017-5663", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache Fineract", + "version": { + "version_data": [ + { + "version_value": "0.4.0-incubating" + }, + { + "version_value": "0.5.0-incubating" + }, + { + "version_value": "0.6.0-incubating" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[dev] 20171213 [SECURITY] CVE-2017-5663: Apache Fineract SQL Injection Vulnerability", - "refsource" : "MLIST", - "url" : "https://lists.apache.org/thread.html/757feeffe45a75d3c0d08b551e71fabdae5d352543be2342b6ba2c93@%3Cdev.fineract.apache.org%3E" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Apache Fineract 0.4.0-incubating, 0.5.0-incubating, and 0.6.0-incubating, an authenticated user with client/loan/center/staff/group read permissions is able to inject malicious SQL into SELECT queries. The 'sqlSearch' parameter on a number of endpoints is not sanitized and appended directly to the query." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL Injection Vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[dev] 20171213 [SECURITY] CVE-2017-5663: Apache Fineract SQL Injection Vulnerability", + "refsource": "MLIST", + "url": "https://lists.apache.org/thread.html/757feeffe45a75d3c0d08b551e71fabdae5d352543be2342b6ba2c93@%3Cdev.fineract.apache.org%3E" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5887.json b/2017/5xxx/CVE-2017-5887.json index 3d6a477f4ce..8659d2fa13e 100644 --- a/2017/5xxx/CVE-2017-5887.json +++ b/2017/5xxx/CVE-2017-5887.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5887", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass because pinning occurs in the stream function (this is too late; pinning should occur in the initStreamsWithData function)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5887", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://seclists.org/bugtraq/2017/Apr/67", - "refsource" : "MISC", - "url" : "http://seclists.org/bugtraq/2017/Apr/67" - }, - { - "name" : "https://github.com/daltoniam/Starscream/commit/dbeb1190b8dcbff4f0b797f9e9d9b9b864d1f0d6", - "refsource" : "CONFIRM", - "url" : "https://github.com/daltoniam/Starscream/commit/dbeb1190b8dcbff4f0b797f9e9d9b9b864d1f0d6" - }, - { - "name" : "https://github.com/daltoniam/Starscream/releases/tag/2.0.4", - "refsource" : "CONFIRM", - "url" : "https://github.com/daltoniam/Starscream/releases/tag/2.0.4" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass because pinning occurs in the stream function (this is too late; pinning should occur in the initStreamsWithData function)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://seclists.org/bugtraq/2017/Apr/67", + "refsource": "MISC", + "url": "http://seclists.org/bugtraq/2017/Apr/67" + }, + { + "name": "https://github.com/daltoniam/Starscream/releases/tag/2.0.4", + "refsource": "CONFIRM", + "url": "https://github.com/daltoniam/Starscream/releases/tag/2.0.4" + }, + { + "name": "https://github.com/daltoniam/Starscream/commit/dbeb1190b8dcbff4f0b797f9e9d9b9b864d1f0d6", + "refsource": "CONFIRM", + "url": "https://github.com/daltoniam/Starscream/commit/dbeb1190b8dcbff4f0b797f9e9d9b9b864d1f0d6" + } + ] + } +} \ No newline at end of file