From ae274a3c64732ec6b2619fc957851da715480045 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 02:25:40 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2006/2xxx/CVE-2006-2267.json | 200 +++++++++---------- 2006/2xxx/CVE-2006-2673.json | 170 ++++++++-------- 2006/2xxx/CVE-2006-2797.json | 130 ++++++------ 2006/3xxx/CVE-2006-3097.json | 230 +++++++++++----------- 2006/3xxx/CVE-2006-3573.json | 210 ++++++++++---------- 2006/3xxx/CVE-2006-3996.json | 210 ++++++++++---------- 2006/4xxx/CVE-2006-4578.json | 160 +++++++-------- 2006/6xxx/CVE-2006-6351.json | 150 +++++++------- 2006/6xxx/CVE-2006-6566.json | 170 ++++++++-------- 2006/6xxx/CVE-2006-6820.json | 150 +++++++------- 2006/6xxx/CVE-2006-6848.json | 160 +++++++-------- 2006/7xxx/CVE-2006-7196.json | 280 +++++++++++++------------- 2010/2xxx/CVE-2010-2830.json | 120 ++++++------ 2011/0xxx/CVE-2011-0049.json | 240 +++++++++++------------ 2011/0xxx/CVE-2011-0521.json | 220 ++++++++++----------- 2011/0xxx/CVE-2011-0533.json | 290 +++++++++++++-------------- 2011/1xxx/CVE-2011-1351.json | 34 ++-- 2011/1xxx/CVE-2011-1893.json | 140 ++++++------- 2011/3xxx/CVE-2011-3052.json | 220 ++++++++++----------- 2011/3xxx/CVE-2011-3063.json | 200 +++++++++---------- 2011/3xxx/CVE-2011-3412.json | 160 +++++++-------- 2011/4xxx/CVE-2011-4054.json | 130 ++++++------ 2011/4xxx/CVE-2011-4348.json | 160 +++++++-------- 2011/4xxx/CVE-2011-4479.json | 34 ++-- 2011/4xxx/CVE-2011-4703.json | 120 ++++++------ 2011/4xxx/CVE-2011-4732.json | 130 ++++++------ 2013/5xxx/CVE-2013-5625.json | 34 ++-- 2014/2xxx/CVE-2014-2750.json | 34 ++-- 2014/2xxx/CVE-2014-2917.json | 34 ++-- 2014/2xxx/CVE-2014-2943.json | 34 ++-- 2014/6xxx/CVE-2014-6046.json | 130 ++++++------ 2014/6xxx/CVE-2014-6202.json | 34 ++-- 2014/6xxx/CVE-2014-6995.json | 140 ++++++------- 2014/7xxx/CVE-2014-7435.json | 140 ++++++------- 2014/7xxx/CVE-2014-7592.json | 140 ++++++------- 2014/7xxx/CVE-2014-7669.json | 34 ++-- 2014/7xxx/CVE-2014-7941.json | 210 ++++++++++---------- 2017/1000xxx/CVE-2017-1000177.json | 34 ++-- 2017/18xxx/CVE-2017-18016.json | 150 +++++++------- 2017/18xxx/CVE-2017-18074.json | 132 ++++++------- 2017/1xxx/CVE-2017-1041.json | 34 ++-- 2017/1xxx/CVE-2017-1065.json | 34 ++-- 2017/1xxx/CVE-2017-1258.json | 160 +++++++-------- 2017/1xxx/CVE-2017-1342.json | 132 ++++++------- 2017/5xxx/CVE-2017-5400.json | 304 ++++++++++++++--------------- 2017/5xxx/CVE-2017-5403.json | 184 ++++++++--------- 2017/5xxx/CVE-2017-5453.json | 152 +++++++-------- 47 files changed, 3349 insertions(+), 3349 deletions(-) diff --git a/2006/2xxx/CVE-2006-2267.json b/2006/2xxx/CVE-2006-2267.json index 308e6996489..5aceea44497 100644 --- a/2006/2xxx/CVE-2006-2267.json +++ b/2006/2xxx/CVE-2006-2267.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2267", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Kerio WinRoute Firewall before 6.2.1 allows remote attackers to cause a denial of service (application crash) via unknown vectors in the \"email protocol inspectors,\" possibly (1) SMTP and (2) POP3." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2267", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060507 Kerio WinRoute Firewall Protocol Inspection Denial", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/433585/100/0/threaded" - }, - { - "name" : "http://www.kerio.com/kwf_history.html", - "refsource" : "CONFIRM", - "url" : "http://www.kerio.com/kwf_history.html" - }, - { - "name" : "17859", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17859" - }, - { - "name" : "ADV-2006-1677", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1677" - }, - { - "name" : "25300", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25300" - }, - { - "name" : "25273", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25273" - }, - { - "name" : "1016032", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016032" - }, - { - "name" : "19947", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19947" - }, - { - "name" : "kerio-winroute-email-dos(26263)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26263" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Kerio WinRoute Firewall before 6.2.1 allows remote attackers to cause a denial of service (application crash) via unknown vectors in the \"email protocol inspectors,\" possibly (1) SMTP and (2) POP3." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17859", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17859" + }, + { + "name": "http://www.kerio.com/kwf_history.html", + "refsource": "CONFIRM", + "url": "http://www.kerio.com/kwf_history.html" + }, + { + "name": "1016032", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016032" + }, + { + "name": "kerio-winroute-email-dos(26263)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26263" + }, + { + "name": "ADV-2006-1677", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1677" + }, + { + "name": "25273", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25273" + }, + { + "name": "19947", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19947" + }, + { + "name": "25300", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25300" + }, + { + "name": "20060507 Kerio WinRoute Firewall Protocol Inspection Denial", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/433585/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2673.json b/2006/2xxx/CVE-2006-2673.json index cfd901c1d5d..0459d4c202d 100644 --- a/2006/2xxx/CVE-2006-2673.json +++ b/2006/2xxx/CVE-2006-2673.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2673", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in search.html in Bulletin Board Elite-Board (E-Board) 1.1 allows remote attackers to inject arbitrary web script or HTML via the search box." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2673", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060524 Bulletin Board Elite-Board v.1.1", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/435013/100/0/threaded" - }, - { - "name" : "18103", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18103" - }, - { - "name" : "ADV-2006-1980", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1980" - }, - { - "name" : "20289", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20289" - }, - { - "name" : "987", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/987" - }, - { - "name" : "eliteboard-search-xss(26675)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26675" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in search.html in Bulletin Board Elite-Board (E-Board) 1.1 allows remote attackers to inject arbitrary web script or HTML via the search box." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18103", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18103" + }, + { + "name": "20060524 Bulletin Board Elite-Board v.1.1", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/435013/100/0/threaded" + }, + { + "name": "eliteboard-search-xss(26675)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26675" + }, + { + "name": "987", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/987" + }, + { + "name": "20289", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20289" + }, + { + "name": "ADV-2006-1980", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1980" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2797.json b/2006/2xxx/CVE-2006-2797.json index d3c9d2d8af5..d86c2916f71 100644 --- a/2006/2xxx/CVE-2006-2797.json +++ b/2006/2xxx/CVE-2006-2797.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2797", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in phpCommunityCalendar 4.0.3 allow remote attackers to execute arbitrary SQL commands via the (1) CalendarDetailsID parameter in (a) month.php, (b) day.php, and (c) delCalendar.php; (2) ID parameter in (d) event.php; (3) AdminUserID parameter in (e) delAdmin.php; (4) EventLocationID parameter in (f) delAddress.php; and (5) LocationID parameter in (g) delCategory.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2797", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "1818", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/1818" - }, - { - "name" : "phpcommunitycalendar-multiple-sql-injection(26648)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26648" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in phpCommunityCalendar 4.0.3 allow remote attackers to execute arbitrary SQL commands via the (1) CalendarDetailsID parameter in (a) month.php, (b) day.php, and (c) delCalendar.php; (2) ID parameter in (d) event.php; (3) AdminUserID parameter in (e) delAdmin.php; (4) EventLocationID parameter in (f) delAddress.php; and (5) LocationID parameter in (g) delCategory.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "phpcommunitycalendar-multiple-sql-injection(26648)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26648" + }, + { + "name": "1818", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/1818" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3097.json b/2006/3xxx/CVE-2006-3097.json index 9af120d207f..de2117133bb 100644 --- a/2006/3xxx/CVE-2006-3097.json +++ b/2006/3xxx/CVE-2006-3097.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3097", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Support Tools Manager (xstm, cstm, and stm) on HP-UX B.11.11 and B.11.23 allows local users to cause an unspecified denial of service via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3097", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBUX02115", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/437401/100/0/threaded" - }, - { - "name" : "SSRT061077", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/437401/100/0/threaded" - }, - { - "name" : "18457", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18457" - }, - { - "name" : "oval:org.mitre.oval:def:5627", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5627" - }, - { - "name" : "ADV-2006-2406", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2406" - }, - { - "name" : "ADV-2006-3292", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3292" - }, - { - "name" : "26622", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26622" - }, - { - "name" : "1016307", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016307" - }, - { - "name" : "20711", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20711" - }, - { - "name" : "21491", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21491" - }, - { - "name" : "1119", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1119" - }, - { - "name" : "hp-stm-unspecified-dos(27314)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27314" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Support Tools Manager (xstm, cstm, and stm) on HP-UX B.11.11 and B.11.23 allows local users to cause an unspecified denial of service via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-2406", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2406" + }, + { + "name": "1119", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1119" + }, + { + "name": "1016307", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016307" + }, + { + "name": "hp-stm-unspecified-dos(27314)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27314" + }, + { + "name": "26622", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26622" + }, + { + "name": "HPSBUX02115", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/437401/100/0/threaded" + }, + { + "name": "oval:org.mitre.oval:def:5627", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5627" + }, + { + "name": "21491", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21491" + }, + { + "name": "20711", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20711" + }, + { + "name": "18457", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18457" + }, + { + "name": "SSRT061077", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/437401/100/0/threaded" + }, + { + "name": "ADV-2006-3292", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3292" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3573.json b/2006/3xxx/CVE-2006-3573.json index 4324a5d09cc..07c42c20aaf 100644 --- a/2006/3xxx/CVE-2006-3573.json +++ b/2006/3xxx/CVE-2006-3573.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3573", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in the WriteText function in agl_text.cpp in Milan Mimica Sparklet 0.9.4 and earlier allows remote attackers to execute arbitrary code via format string specifiers in a player nickname." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3573", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060706 Format string bug in Sparklet 0.9.4try3", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/439475/100/100/threaded" - }, - { - "name" : "http://aluigi.altervista.org/adv/sparkletfs-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/sparkletfs-adv.txt" - }, - { - "name" : "18862", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18862" - }, - { - "name" : "18949", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18949" - }, - { - "name" : "ADV-2006-2695", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2695" - }, - { - "name" : "ADV-2006-2763", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2763" - }, - { - "name" : "27038", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27038" - }, - { - "name" : "1016443", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016443" - }, - { - "name" : "20974", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20974" - }, - { - "name" : "sparklet-writetext-format-string(27603)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27603" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in the WriteText function in agl_text.cpp in Milan Mimica Sparklet 0.9.4 and earlier allows remote attackers to execute arbitrary code via format string specifiers in a player nickname." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18949", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18949" + }, + { + "name": "sparklet-writetext-format-string(27603)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27603" + }, + { + "name": "1016443", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016443" + }, + { + "name": "20060706 Format string bug in Sparklet 0.9.4try3", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/439475/100/100/threaded" + }, + { + "name": "20974", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20974" + }, + { + "name": "27038", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27038" + }, + { + "name": "ADV-2006-2763", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2763" + }, + { + "name": "http://aluigi.altervista.org/adv/sparkletfs-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/sparkletfs-adv.txt" + }, + { + "name": "18862", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18862" + }, + { + "name": "ADV-2006-2695", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2695" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3996.json b/2006/3xxx/CVE-2006-3996.json index b08873930f9..3dac161ba46 100644 --- a/2006/3xxx/CVE-2006-3996.json +++ b/2006/3xxx/CVE-2006-3996.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3996", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in links/index.php in ATutor 1.5.3.1 and earlier allows remote authenticated users to execute arbitrary SQL commands via the (1) desc or (2) asc parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3996", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060730 ATutor <= 1.5.3.1 'links' blind SQL injection / admin credentials disclosure", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/441711/100/0/threaded" - }, - { - "name" : "http://atutor.ca/news.php#010806", - "refsource" : "MISC", - "url" : "http://atutor.ca/news.php#010806" - }, - { - "name" : "http://retrogod.altervista.org/atutor_1531_sql.html", - "refsource" : "MISC", - "url" : "http://retrogod.altervista.org/atutor_1531_sql.html" - }, - { - "name" : "2088", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2088" - }, - { - "name" : "19232", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19232" - }, - { - "name" : "ADV-2006-3074", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3074" - }, - { - "name" : "27665", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27665" - }, - { - "name" : "21308", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21308" - }, - { - "name" : "1330", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1330" - }, - { - "name" : "atutor-orderby-sql-injection(28082)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28082" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in links/index.php in ATutor 1.5.3.1 and earlier allows remote authenticated users to execute arbitrary SQL commands via the (1) desc or (2) asc parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21308", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21308" + }, + { + "name": "http://retrogod.altervista.org/atutor_1531_sql.html", + "refsource": "MISC", + "url": "http://retrogod.altervista.org/atutor_1531_sql.html" + }, + { + "name": "1330", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1330" + }, + { + "name": "19232", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19232" + }, + { + "name": "atutor-orderby-sql-injection(28082)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28082" + }, + { + "name": "http://atutor.ca/news.php#010806", + "refsource": "MISC", + "url": "http://atutor.ca/news.php#010806" + }, + { + "name": "ADV-2006-3074", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3074" + }, + { + "name": "27665", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27665" + }, + { + "name": "20060730 ATutor <= 1.5.3.1 'links' blind SQL injection / admin credentials disclosure", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/441711/100/0/threaded" + }, + { + "name": "2088", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2088" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4578.json b/2006/4xxx/CVE-2006-4578.json index 166fb56f22e..08291a5cb4e 100644 --- a/2006/4xxx/CVE-2006-4578.json +++ b/2006/4xxx/CVE-2006-4578.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4578", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "export.php in The Address Book 1.04e writes username and password hash information into a publicly accessible file when dumping the MySQL database contents, which allows remote attackers to obtain sensitive information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2006-4578", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://secunia.com/secunia_research/2006-76/advisory/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2006-76/advisory/" - }, - { - "name" : "21870", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21870" - }, - { - "name" : "32563", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/32563" - }, - { - "name" : "21694", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21694" - }, - { - "name" : "tab-mysql-password-info-disclosure(31244)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31244" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "export.php in The Address Book 1.04e writes username and password hash information into a publicly accessible file when dumping the MySQL database contents, which allows remote attackers to obtain sensitive information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "tab-mysql-password-info-disclosure(31244)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31244" + }, + { + "name": "http://secunia.com/secunia_research/2006-76/advisory/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2006-76/advisory/" + }, + { + "name": "32563", + "refsource": "OSVDB", + "url": "http://osvdb.org/32563" + }, + { + "name": "21870", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21870" + }, + { + "name": "21694", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21694" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6351.json b/2006/6xxx/CVE-2006-6351.json index ac19526e435..b797a4f3f52 100644 --- a/2006/6xxx/CVE-2006-6351.json +++ b/2006/6xxx/CVE-2006-6351.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6351", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "KhaledMuratList stores sensitive data under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) CL2F9R1A2C1N.mdb or (2) Data2F9R1A2C1N.mdb." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6351", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061202 KhaledMuratList mdb", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/453328/100/0/threaded" - }, - { - "name" : "23310", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23310" - }, - { - "name" : "1999", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1999" - }, - { - "name" : "khaledmuratlist-mdb-file-disclosure(30661)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30661" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "KhaledMuratList stores sensitive data under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) CL2F9R1A2C1N.mdb or (2) Data2F9R1A2C1N.mdb." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "khaledmuratlist-mdb-file-disclosure(30661)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30661" + }, + { + "name": "20061202 KhaledMuratList mdb", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/453328/100/0/threaded" + }, + { + "name": "23310", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23310" + }, + { + "name": "1999", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1999" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6566.json b/2006/6xxx/CVE-2006-6566.json index 57d88dc4d4e..018e82276b8 100644 --- a/2006/6xxx/CVE-2006-6566.json +++ b/2006/6xxx/CVE-2006-6566.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6566", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in includes/profilcp_constants.php in the Profile Control Panel (CPanel) module for mxBB 0.91c allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6566", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2904", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2904" - }, - { - "name" : "2918", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2918" - }, - { - "name" : "20061214 mxBB Module mx_profilecp 0.91 Remote File Include Vulnerability", - "refsource" : "VIM", - "url" : "http://www.attrition.org/pipermail/vim/2006-December/001176.html" - }, - { - "name" : "ADV-2006-4928", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4928" - }, - { - "name" : "ADV-2006-4946", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4946" - }, - { - "name" : "mxbbcpanel-profilcp-file-include(30821)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30821" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in includes/profilcp_constants.php in the Profile Control Panel (CPanel) module for mxBB 0.91c allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "mxbbcpanel-profilcp-file-include(30821)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30821" + }, + { + "name": "2918", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2918" + }, + { + "name": "ADV-2006-4928", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4928" + }, + { + "name": "2904", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2904" + }, + { + "name": "ADV-2006-4946", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4946" + }, + { + "name": "20061214 mxBB Module mx_profilecp 0.91 Remote File Include Vulnerability", + "refsource": "VIM", + "url": "http://www.attrition.org/pipermail/vim/2006-December/001176.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6820.json b/2006/6xxx/CVE-2006-6820.json index 70b346a4747..e24ed10981c 100644 --- a/2006/6xxx/CVE-2006-6820.json +++ b/2006/6xxx/CVE-2006-6820.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6820", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "myprofile.asp in Enthrallweb eCoupons does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modified MM_recordId parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6820", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2995", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2995" - }, - { - "name" : "21739", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21739" - }, - { - "name" : "ADV-2006-5155", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/5155" - }, - { - "name" : "23517", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23517" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "myprofile.asp in Enthrallweb eCoupons does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modified MM_recordId parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-5155", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/5155" + }, + { + "name": "2995", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2995" + }, + { + "name": "23517", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23517" + }, + { + "name": "21739", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21739" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6848.json b/2006/6xxx/CVE-2006-6848.json index 7e5156f1527..fb63c099fd3 100644 --- a/2006/6xxx/CVE-2006-6848.json +++ b/2006/6xxx/CVE-2006-6848.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6848", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in admin.asp in ASPTicker 1.0 allows remote attackers to execute arbitrary SQL commands via the PATH_INFO, possibly related to the Password parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6848", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3035", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3035" - }, - { - "name" : "21807", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21807" - }, - { - "name" : "ADV-2006-5200", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/5200" - }, - { - "name" : "23573", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23573" - }, - { - "name" : "aspticker-admin-sql-injection(31152)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31152" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in admin.asp in ASPTicker 1.0 allows remote attackers to execute arbitrary SQL commands via the PATH_INFO, possibly related to the Password parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-5200", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/5200" + }, + { + "name": "3035", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3035" + }, + { + "name": "aspticker-admin-sql-injection(31152)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31152" + }, + { + "name": "21807", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21807" + }, + { + "name": "23573", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23573" + } + ] + } +} \ No newline at end of file diff --git a/2006/7xxx/CVE-2006-7196.json b/2006/7xxx/CVE-2006-7196.json index a5c45b49176..5baa543a80e 100644 --- a/2006/7xxx/CVE-2006-7196.json +++ b/2006/7xxx/CVE-2006-7196.json @@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-7196", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2006-7196", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070904 Apache tomcat calendar example cross site scripting and cross site request forgery vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/478491/100/0/threaded" - }, - { - "name" : "20070905 Re: Apache tomcat calendar example cross site scripting and cross site request forgery vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/478609/100/0/threaded" - }, - { - "name" : "20090127 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/500412/100/0/threaded" - }, - { - "name" : "20090124 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/500396/100/0/threaded" - }, - { - "name" : "http://tomcat.apache.org/security-4.html", - "refsource" : "CONFIRM", - "url" : "http://tomcat.apache.org/security-4.html" - }, - { - "name" : "http://tomcat.apache.org/security-5.html", - "refsource" : "CONFIRM", - "url" : "http://tomcat.apache.org/security-5.html" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm" - }, - { - "name" : "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx", - "refsource" : "CONFIRM", - "url" : "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx" - }, - { - "name" : "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540", - "refsource" : "CONFIRM", - "url" : "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540" - }, - { - "name" : "RHSA-2008:0261", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0261.html" - }, - { - "name" : "SUSE-SR:2008:005", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html" - }, - { - "name" : "25531", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/25531" - }, - { - "name" : "ADV-2007-1729", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1729" - }, - { - "name" : "ADV-2009-0233", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0233" - }, - { - "name" : "34888", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/34888" - }, - { - "name" : "29242", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29242" - }, - { - "name" : "33668", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33668" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://tomcat.apache.org/security-4.html", + "refsource": "CONFIRM", + "url": "http://tomcat.apache.org/security-4.html" + }, + { + "name": "34888", + "refsource": "OSVDB", + "url": "http://osvdb.org/34888" + }, + { + "name": "29242", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29242" + }, + { + "name": "20090127 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/500412/100/0/threaded" + }, + { + "name": "SUSE-SR:2008:005", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html" + }, + { + "name": "33668", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33668" + }, + { + "name": "20090124 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/500396/100/0/threaded" + }, + { + "name": "25531", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/25531" + }, + { + "name": "ADV-2007-1729", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1729" + }, + { + "name": "ADV-2009-0233", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0233" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-206.htm" + }, + { + "name": "20070904 Apache tomcat calendar example cross site scripting and cross site request forgery vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/478491/100/0/threaded" + }, + { + "name": "http://tomcat.apache.org/security-5.html", + "refsource": "CONFIRM", + "url": "http://tomcat.apache.org/security-5.html" + }, + { + "name": "RHSA-2008:0261", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html" + }, + { + "name": "20070905 Re: Apache tomcat calendar example cross site scripting and cross site request forgery vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/478609/100/0/threaded" + }, + { + "name": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx", + "refsource": "CONFIRM", + "url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx" + }, + { + "name": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540", + "refsource": "CONFIRM", + "url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2830.json b/2010/2xxx/CVE-2010-2830.json index 9a935e80c4d..7bcdf13c9c9 100644 --- a/2010/2xxx/CVE-2010-2830.json +++ b/2010/2xxx/CVE-2010-2830.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2830", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The IGMPv3 implementation in Cisco IOS 12.2, 12.3, 12.4, and 15.0 and IOS XE 2.5.x before 2.5.2, when PIM is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed IGMP packet, aka Bug ID CSCte14603." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2010-2830", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100922 Cisco IOS Software Internet Group Management Protocol Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4a310.shtml" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The IGMPv3 implementation in Cisco IOS 12.2, 12.3, 12.4, and 15.0 and IOS XE 2.5.x before 2.5.2, when PIM is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed IGMP packet, aka Bug ID CSCte14603." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20100922 Cisco IOS Software Internet Group Management Protocol Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4a310.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0049.json b/2011/0xxx/CVE-2011-0049.json index b6d2781199e..de86178afb3 100644 --- a/2011/0xxx/CVE-2011-0049.json +++ b/2011/0xxx/CVE-2011-0049.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0049", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the _list_file_get function in lib/Majordomo.pm in Majordomo 2 before 20110131 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the help command, as demonstrated using (1) a crafted email and (2) cgi-bin/mj_wwwusr in the web interface." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0049", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110203 Majordomo2 - Directory Traversal (SMTP/HTTP)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/516150/100/0/threaded" - }, - { - "name" : "16103", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/16103" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=628064", - "refsource" : "MISC", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=628064" - }, - { - "name" : "https://sitewat.ch/en/Advisory/View/1", - "refsource" : "MISC", - "url" : "https://sitewat.ch/en/Advisory/View/1" - }, - { - "name" : "https://bug628064.bugzilla.mozilla.org/attachment.cgi?id=506481", - "refsource" : "MISC", - "url" : "https://bug628064.bugzilla.mozilla.org/attachment.cgi?id=506481" - }, - { - "name" : "VU#363726", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/363726" - }, - { - "name" : "46127", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46127" - }, - { - "name" : "70762", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/70762" - }, - { - "name" : "1025024", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025024" - }, - { - "name" : "43125", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43125" - }, - { - "name" : "8061", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8061" - }, - { - "name" : "ADV-2011-0288", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0288" - }, - { - "name" : "majordomo-listfile-directory-traversal(65113)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65113" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the _list_file_get function in lib/Majordomo.pm in Majordomo 2 before 20110131 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the help command, as demonstrated using (1) a crafted email and (2) cgi-bin/mj_wwwusr in the web interface." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2011-0288", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0288" + }, + { + "name": "VU#363726", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/363726" + }, + { + "name": "46127", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46127" + }, + { + "name": "https://sitewat.ch/en/Advisory/View/1", + "refsource": "MISC", + "url": "https://sitewat.ch/en/Advisory/View/1" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=628064", + "refsource": "MISC", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=628064" + }, + { + "name": "43125", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43125" + }, + { + "name": "majordomo-listfile-directory-traversal(65113)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65113" + }, + { + "name": "1025024", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025024" + }, + { + "name": "20110203 Majordomo2 - Directory Traversal (SMTP/HTTP)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/516150/100/0/threaded" + }, + { + "name": "16103", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/16103" + }, + { + "name": "8061", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8061" + }, + { + "name": "70762", + "refsource": "OSVDB", + "url": "http://osvdb.org/70762" + }, + { + "name": "https://bug628064.bugzilla.mozilla.org/attachment.cgi?id=506481", + "refsource": "MISC", + "url": "https://bug628064.bugzilla.mozilla.org/attachment.cgi?id=506481" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0521.json b/2011/0xxx/CVE-2011-0521.json index 7d5a86b7a03..e450997bbec 100644 --- a/2011/0xxx/CVE-2011-0521.json +++ b/2011/0xxx/CVE-2011-0521.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0521", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The dvb_ca_ioctl function in drivers/media/dvb/ttpci/av7110_ca.c in the Linux kernel before 2.6.38-rc2 does not check the sign of a certain integer field, which allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a negative value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-0521", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/520102/100/0/threaded" - }, - { - "name" : "[oss-security] 20110125 Linux kernel av7110 negative array offset", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/01/24/2" - }, - { - "name" : "[oss-security] 20110125 Re: Linux kernel av7110 negative array offset", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/01/25/2" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=cb26a24ee9706473f31d34cc259f4dcf45cd0644", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=cb26a24ee9706473f31d34cc259f4dcf45cd0644" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.38-rc2", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.38-rc2" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2011-0012.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2011-0012.html" - }, - { - "name" : "45986", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45986" - }, - { - "name" : "1025195", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025195" - }, - { - "name" : "43009", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43009" - }, - { - "name" : "46397", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46397" - }, - { - "name" : "kernel-av7110ca-privilege-escalation(64988)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64988" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The dvb_ca_ioctl function in drivers/media/dvb/ttpci/av7110_ca.c in the Linux kernel before 2.6.38-rc2 does not check the sign of a certain integer field, which allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a negative value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "45986", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45986" + }, + { + "name": "1025195", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025195" + }, + { + "name": "[oss-security] 20110125 Linux kernel av7110 negative array offset", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/01/24/2" + }, + { + "name": "20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/520102/100/0/threaded" + }, + { + "name": "46397", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46397" + }, + { + "name": "kernel-av7110ca-privilege-escalation(64988)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64988" + }, + { + "name": "43009", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43009" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2011-0012.html" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.38-rc2", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.38-rc2" + }, + { + "name": "[oss-security] 20110125 Re: Linux kernel av7110 negative array offset", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/01/25/2" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=cb26a24ee9706473f31d34cc259f4dcf45cd0644", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=cb26a24ee9706473f31d34cc259f4dcf45cd0644" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0533.json b/2011/0xxx/CVE-2011-0533.json index 6ad0b5bbd6d..e28395793ea 100644 --- a/2011/0xxx/CVE-2011-0533.json +++ b/2011/0xxx/CVE-2011-0533.json @@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0533", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta; and Archiva 1.3.0 through 1.3.3 and 1.0 through 1.22 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter, related to the autoIncludeParameters setting for the extremecomponents table." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-0533", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110210 [SECURITY] CVE-2011-0533: Apache Continuum cross-site scripting vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/516342/100/0/threaded" - }, - { - "name" : "20110216 [SECURITY] CVE-2011-0533: Apache Archiva cross-site scripting vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/516474/100/0/threaded" - }, - { - "name" : "20110211 [SECURITY] CVE-2011-0533: Apache Continuum cross-site scripting vulnerability", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2011/Feb/236" - }, - { - "name" : "[continuum-users] 20110210 [SECURITY] CVE-2011-0533: Apache Continuum cross-site scripting vulnerability", - "refsource" : "MLIST", - "url" : "http://mail-archives.apache.org/mod_mbox/continuum-users/201102.mbox/%3C981C0A79-5B7B-4053-84CC-3217870BE360@apache.org%3E" - }, - { - "name" : "http://continuum.apache.org/security.html", - "refsource" : "CONFIRM", - "url" : "http://continuum.apache.org/security.html" - }, - { - "name" : "http://jira.codehaus.org/browse/CONTINUUM-2604", - "refsource" : "CONFIRM", - "url" : "http://jira.codehaus.org/browse/CONTINUUM-2604" - }, - { - "name" : "http://svn.apache.org/viewvc?view=revision&revision=1066053", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc?view=revision&revision=1066053" - }, - { - "name" : "http://svn.apache.org/viewvc?view=revision&revision=1066056", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc?view=revision&revision=1066056" - }, - { - "name" : "46311", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46311" - }, - { - "name" : "70925", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/70925" - }, - { - "name" : "oval:org.mitre.oval:def:12581", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12581" - }, - { - "name" : "1025065", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1025065" - }, - { - "name" : "43261", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43261" - }, - { - "name" : "43334", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43334" - }, - { - "name" : "8091", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8091" - }, - { - "name" : "ADV-2011-0373", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0373" - }, - { - "name" : "ADV-2011-0426", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0426" - }, - { - "name" : "continuum-unspec-xss(65343)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65343" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta; and Archiva 1.3.0 through 1.3.3 and 1.0 through 1.22 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter, related to the autoIncludeParameters setting for the extremecomponents table." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "70925", + "refsource": "OSVDB", + "url": "http://osvdb.org/70925" + }, + { + "name": "http://svn.apache.org/viewvc?view=revision&revision=1066056", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/viewvc?view=revision&revision=1066056" + }, + { + "name": "46311", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46311" + }, + { + "name": "43261", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43261" + }, + { + "name": "http://jira.codehaus.org/browse/CONTINUUM-2604", + "refsource": "CONFIRM", + "url": "http://jira.codehaus.org/browse/CONTINUUM-2604" + }, + { + "name": "[continuum-users] 20110210 [SECURITY] CVE-2011-0533: Apache Continuum cross-site scripting vulnerability", + "refsource": "MLIST", + "url": "http://mail-archives.apache.org/mod_mbox/continuum-users/201102.mbox/%3C981C0A79-5B7B-4053-84CC-3217870BE360@apache.org%3E" + }, + { + "name": "ADV-2011-0373", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0373" + }, + { + "name": "1025065", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1025065" + }, + { + "name": "20110216 [SECURITY] CVE-2011-0533: Apache Archiva cross-site scripting vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/516474/100/0/threaded" + }, + { + "name": "oval:org.mitre.oval:def:12581", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12581" + }, + { + "name": "8091", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8091" + }, + { + "name": "http://svn.apache.org/viewvc?view=revision&revision=1066053", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/viewvc?view=revision&revision=1066053" + }, + { + "name": "ADV-2011-0426", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0426" + }, + { + "name": "43334", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43334" + }, + { + "name": "continuum-unspec-xss(65343)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65343" + }, + { + "name": "20110210 [SECURITY] CVE-2011-0533: Apache Continuum cross-site scripting vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/516342/100/0/threaded" + }, + { + "name": "http://continuum.apache.org/security.html", + "refsource": "CONFIRM", + "url": "http://continuum.apache.org/security.html" + }, + { + "name": "20110211 [SECURITY] CVE-2011-0533: Apache Continuum cross-site scripting vulnerability", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2011/Feb/236" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1351.json b/2011/1xxx/CVE-2011-1351.json index 459d777684d..9ca7df5d521 100644 --- a/2011/1xxx/CVE-2011-1351.json +++ b/2011/1xxx/CVE-2011-1351.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1351", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1351", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1893.json b/2011/1xxx/CVE-2011-1893.json index d9c18a10a95..dba455fada5 100644 --- a/2011/1xxx/CVE-2011-1893.json +++ b/2011/1xxx/CVE-2011-1893.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1893", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010, Windows SharePoint Services 2.0 and 3.0 SP2, and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via the URI, aka \"SharePoint XSS Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2011-1893", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS11-074", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074" - }, - { - "name" : "TA11-256A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA11-256A.html" - }, - { - "name" : "oval:org.mitre.oval:def:12676", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12676" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010, Windows SharePoint Services 2.0 and 3.0 SP2, and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via the URI, aka \"SharePoint XSS Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS11-074", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-074" + }, + { + "name": "oval:org.mitre.oval:def:12676", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12676" + }, + { + "name": "TA11-256A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA11-256A.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3052.json b/2011/3xxx/CVE-2011-3052.json index 3b20e3365f8..a073ced5f68 100644 --- a/2011/3xxx/CVE-2011-3052.json +++ b/2011/3xxx/CVE-2011-3052.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3052", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The WebGL implementation in Google Chrome before 17.0.963.83 does not properly handle CANVAS elements, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3052", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=116637", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=116637" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2012/03/stable-channel-update_21.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2012/03/stable-channel-update_21.html" - }, - { - "name" : "GLSA-201203-19", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201203-19.xml" - }, - { - "name" : "openSUSE-SU-2012:0466", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00000.html" - }, - { - "name" : "52674", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52674" - }, - { - "name" : "80290", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/80290" - }, - { - "name" : "oval:org.mitre.oval:def:14819", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14819" - }, - { - "name" : "1026841", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026841" - }, - { - "name" : "48512", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48512" - }, - { - "name" : "48527", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48527" - }, - { - "name" : "google-webgl-canvas-code-exec(74212)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74212" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The WebGL implementation in Google Chrome before 17.0.963.83 does not properly handle CANVAS elements, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "80290", + "refsource": "OSVDB", + "url": "http://osvdb.org/80290" + }, + { + "name": "48527", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48527" + }, + { + "name": "openSUSE-SU-2012:0466", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00000.html" + }, + { + "name": "http://googlechromereleases.blogspot.com/2012/03/stable-channel-update_21.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2012/03/stable-channel-update_21.html" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=116637", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=116637" + }, + { + "name": "1026841", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026841" + }, + { + "name": "52674", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52674" + }, + { + "name": "GLSA-201203-19", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201203-19.xml" + }, + { + "name": "oval:org.mitre.oval:def:14819", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14819" + }, + { + "name": "48512", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48512" + }, + { + "name": "google-webgl-canvas-code-exec(74212)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74212" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3063.json b/2011/3xxx/CVE-2011-3063.json index 85a8f742948..37fc900bda4 100644 --- a/2011/3xxx/CVE-2011-3063.json +++ b/2011/3xxx/CVE-2011-3063.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3063", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome before 18.0.1025.142 does not properly validate the renderer's navigation requests, which has unspecified impact and remote attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3063", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=117417", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=117417" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2012/03/stable-channel-release-and-beta-channel.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2012/03/stable-channel-release-and-beta-channel.html" - }, - { - "name" : "52762", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52762" - }, - { - "name" : "oval:org.mitre.oval:def:15226", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15226" - }, - { - "name" : "1026877", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026877" - }, - { - "name" : "48618", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48618" - }, - { - "name" : "48691", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48691" - }, - { - "name" : "48763", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48763" - }, - { - "name" : "chrome-renderer-sec-bypass(74413)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74413" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome before 18.0.1025.142 does not properly validate the renderer's navigation requests, which has unspecified impact and remote attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:15226", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15226" + }, + { + "name": "1026877", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026877" + }, + { + "name": "48618", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48618" + }, + { + "name": "48691", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48691" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=117417", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=117417" + }, + { + "name": "http://googlechromereleases.blogspot.com/2012/03/stable-channel-release-and-beta-channel.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2012/03/stable-channel-release-and-beta-channel.html" + }, + { + "name": "52762", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52762" + }, + { + "name": "chrome-renderer-sec-bypass(74413)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74413" + }, + { + "name": "48763", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48763" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3412.json b/2011/3xxx/CVE-2011-3412.json index 66c7b5a368d..26c89bb59d5 100644 --- a/2011/3xxx/CVE-2011-3412.json +++ b/2011/3xxx/CVE-2011-3412.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3412", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect memory handling, aka \"Publisher Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2011-3412", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS11-091", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-091" - }, - { - "name" : "TA11-347A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA11-347A.html" - }, - { - "name" : "VU#361441", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/361441" - }, - { - "name" : "oval:org.mitre.oval:def:14808", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14808" - }, - { - "name" : "1026414", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026414" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect memory handling, aka \"Publisher Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA11-347A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA11-347A.html" + }, + { + "name": "VU#361441", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/361441" + }, + { + "name": "1026414", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026414" + }, + { + "name": "oval:org.mitre.oval:def:14808", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14808" + }, + { + "name": "MS11-091", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-091" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4054.json b/2011/4xxx/CVE-2011-4054.json index 69a33811cef..f6e8558eb0d 100644 --- a/2011/4xxx/CVE-2011-4054.json +++ b/2011/4xxx/CVE-2011-4054.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4054", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in login.fcc in CA SiteMinder R6 SP6 before CR7 and R12 SP3 before CR8 allows remote attackers to inject arbitrary web script or HTML via the postpreservationdata parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2011-4054", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.kb.cert.org/vuls/id/MAPG-8MCH2B", - "refsource" : "MISC", - "url" : "http://www.kb.cert.org/vuls/id/MAPG-8MCH2B" - }, - { - "name" : "VU#713012", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/713012" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in login.fcc in CA SiteMinder R6 SP6 before CR7 and R12 SP3 before CR8 allows remote attackers to inject arbitrary web script or HTML via the postpreservationdata parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#713012", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/713012" + }, + { + "name": "http://www.kb.cert.org/vuls/id/MAPG-8MCH2B", + "refsource": "MISC", + "url": "http://www.kb.cert.org/vuls/id/MAPG-8MCH2B" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4348.json b/2011/4xxx/CVE-2011-4348.json index c5a5ea350e8..f2108fbcc8e 100644 --- a/2011/4xxx/CVE-2011-4348.json +++ b/2011/4xxx/CVE-2011-4348.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4348", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in the sctp_rcv function in net/sctp/input.c in the Linux kernel before 2.6.29 allows remote attackers to cause a denial of service (system hang) via SCTP packets. NOTE: in some environments, this issue exists because of an incomplete fix for CVE-2011-2482." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-4348", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120305 CVE-2011-4348 kernel: incomplete fix for CVE-2011-2482", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/03/05/2" - }, - { - "name" : "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.29", - "refsource" : "CONFIRM", - "url" : "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.29" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ae53b5bd77719fed58086c5be60ce4f22bffe1c6", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ae53b5bd77719fed58086c5be60ce4f22bffe1c6" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=757143", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=757143" - }, - { - "name" : "https://github.com/torvalds/linux/commit/ae53b5bd77719fed58086c5be60ce4f22bffe1c6", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/ae53b5bd77719fed58086c5be60ce4f22bffe1c6" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in the sctp_rcv function in net/sctp/input.c in the Linux kernel before 2.6.29 allows remote attackers to cause a denial of service (system hang) via SCTP packets. NOTE: in some environments, this issue exists because of an incomplete fix for CVE-2011-2482." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.29", + "refsource": "CONFIRM", + "url": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.29" + }, + { + "name": "https://github.com/torvalds/linux/commit/ae53b5bd77719fed58086c5be60ce4f22bffe1c6", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/ae53b5bd77719fed58086c5be60ce4f22bffe1c6" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ae53b5bd77719fed58086c5be60ce4f22bffe1c6", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ae53b5bd77719fed58086c5be60ce4f22bffe1c6" + }, + { + "name": "[oss-security] 20120305 CVE-2011-4348 kernel: incomplete fix for CVE-2011-2482", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/03/05/2" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=757143", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=757143" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4479.json b/2011/4xxx/CVE-2011-4479.json index e85a9b860b7..4e415da148d 100644 --- a/2011/4xxx/CVE-2011-4479.json +++ b/2011/4xxx/CVE-2011-4479.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4479", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4479", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4703.json b/2011/4xxx/CVE-2011-4703.json index d4040dcf29e..82227bb4b23 100644 --- a/2011/4xxx/CVE-2011-4703.json +++ b/2011/4xxx/CVE-2011-4703.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4703", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Limit My Call (com.limited.call.view) application 2.11 for Android does not properly protect data, which allows remote attackers to read or modify call logs and a contact list via a crafted application." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4703", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2011-4703-vulnerability-in-LimitMyCall.html", - "refsource" : "MISC", - "url" : "http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2011-4703-vulnerability-in-LimitMyCall.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Limit My Call (com.limited.call.view) application 2.11 for Android does not properly protect data, which allows remote attackers to read or modify call logs and a contact list via a crafted application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2011-4703-vulnerability-in-LimitMyCall.html", + "refsource": "MISC", + "url": "http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2011-4703-vulnerability-in-LimitMyCall.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4732.json b/2011/4xxx/CVE-2011-4732.json index df4f0028260..184fbafedc4 100644 --- a/2011/4xxx/CVE-2011-4732.json +++ b/2011/4xxx/CVE-2011-4732.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4732", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 omits the Content-Type header's charset parameter for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving account/power-mode-logout and certain other files. NOTE: it is possible that only clients, not the Plesk product, could be affected by this issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4732", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://xss.cx/examples/plesk-reports/plesk-redhat-el6-psa-10.2.0-build-1011110331.18-xss-sqli-cwe79-cwe89-javascript-injection-exception-example-poc-report-paros-burp-suite-pro-1.4.1.html", - "refsource" : "MISC", - "url" : "http://xss.cx/examples/plesk-reports/plesk-redhat-el6-psa-10.2.0-build-1011110331.18-xss-sqli-cwe79-cwe89-javascript-injection-exception-example-poc-report-paros-burp-suite-pro-1.4.1.html" - }, - { - "name" : "plesk-server-charset-unspecified(72327)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72327" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 omits the Content-Type header's charset parameter for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving account/power-mode-logout and certain other files. NOTE: it is possible that only clients, not the Plesk product, could be affected by this issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://xss.cx/examples/plesk-reports/plesk-redhat-el6-psa-10.2.0-build-1011110331.18-xss-sqli-cwe79-cwe89-javascript-injection-exception-example-poc-report-paros-burp-suite-pro-1.4.1.html", + "refsource": "MISC", + "url": "http://xss.cx/examples/plesk-reports/plesk-redhat-el6-psa-10.2.0-build-1011110331.18-xss-sqli-cwe79-cwe89-javascript-injection-exception-example-poc-report-paros-burp-suite-pro-1.4.1.html" + }, + { + "name": "plesk-server-charset-unspecified(72327)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72327" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5625.json b/2013/5xxx/CVE-2013-5625.json index 64a1f2a627d..8d6f010656c 100644 --- a/2013/5xxx/CVE-2013-5625.json +++ b/2013/5xxx/CVE-2013-5625.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5625", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: A public posting on 20130831 referenced this ID for a specific issue, but that issue had not been assigned this ID by any CNA. Notes: The posting will later have IDs assigned in accordance with CVE content decisions." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-5625", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: A public posting on 20130831 referenced this ID for a specific issue, but that issue had not been assigned this ID by any CNA. Notes: The posting will later have IDs assigned in accordance with CVE content decisions." + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2750.json b/2014/2xxx/CVE-2014-2750.json index a43bf488fde..2aea4bf4d10 100644 --- a/2014/2xxx/CVE-2014-2750.json +++ b/2014/2xxx/CVE-2014-2750.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2750", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-2744, CVE-2014-2745. Reason: This candidate is a duplicate of CVE-2014-2744 and/or CVE-2014-2745. Notes: All CVE users should reference CVE-2014-2744 and/or CVE-2014-2745 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-2750", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-2744, CVE-2014-2745. Reason: This candidate is a duplicate of CVE-2014-2744 and/or CVE-2014-2745. Notes: All CVE users should reference CVE-2014-2744 and/or CVE-2014-2745 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2917.json b/2014/2xxx/CVE-2014-2917.json index 0fc7cce7813..bf6c6912005 100644 --- a/2014/2xxx/CVE-2014-2917.json +++ b/2014/2xxx/CVE-2014-2917.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2917", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2917", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2943.json b/2014/2xxx/CVE-2014-2943.json index 514f12ed328..c21ce33c682 100644 --- a/2014/2xxx/CVE-2014-2943.json +++ b/2014/2xxx/CVE-2014-2943.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2943", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-2886, CVE-2014-2942. Reason: this ID was intended for one issue, but was assigned to two issues by a CNA. Notes: All CVE users should consult CVE-2014-2886 and CVE-2014-2942 to determine which ID is appropriate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-2943", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-2886, CVE-2014-2942. Reason: this ID was intended for one issue, but was assigned to two issues by a CNA. Notes: All CVE users should consult CVE-2014-2886 and CVE-2014-2942 to determine which ID is appropriate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6046.json b/2014/6xxx/CVE-2014-6046.json index 6bb645666ab..a552cd1175c 100644 --- a/2014/6xxx/CVE-2014-6046.json +++ b/2014/6xxx/CVE-2014-6046.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6046", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyFAQ before 2.8.13 allow remote attackers to hijack the authentication of unspecified users for requests that (1) delete active users by leveraging improper validation of CSRF tokens or that (2) delete open questions, (3) activate users, (4) publish FAQs, (5) add or delete Glossary, (6) add or delete FAQ news, or (7) add or delete comments or add votes by leveraging lack of a CSRF token." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-6046", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://techdefencelabs.com/security-advisories.html", - "refsource" : "MISC", - "url" : "http://techdefencelabs.com/security-advisories.html" - }, - { - "name" : "https://www.phpmyfaq.de/security/advisory-2014-09-16", - "refsource" : "CONFIRM", - "url" : "https://www.phpmyfaq.de/security/advisory-2014-09-16" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyFAQ before 2.8.13 allow remote attackers to hijack the authentication of unspecified users for requests that (1) delete active users by leveraging improper validation of CSRF tokens or that (2) delete open questions, (3) activate users, (4) publish FAQs, (5) add or delete Glossary, (6) add or delete FAQ news, or (7) add or delete comments or add votes by leveraging lack of a CSRF token." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://techdefencelabs.com/security-advisories.html", + "refsource": "MISC", + "url": "http://techdefencelabs.com/security-advisories.html" + }, + { + "name": "https://www.phpmyfaq.de/security/advisory-2014-09-16", + "refsource": "CONFIRM", + "url": "https://www.phpmyfaq.de/security/advisory-2014-09-16" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6202.json b/2014/6xxx/CVE-2014-6202.json index dbeaf7c7830..0d993474ad3 100644 --- a/2014/6xxx/CVE-2014-6202.json +++ b/2014/6xxx/CVE-2014-6202.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6202", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-6202", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6995.json b/2014/6xxx/CVE-2014-6995.json index 111859a4872..be3d2a9b9de 100644 --- a/2014/6xxx/CVE-2014-6995.json +++ b/2014/6xxx/CVE-2014-6995.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6995", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The adidas eyewear (aka com.adidasep.eyewear) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6995", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#308641", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/308641" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The adidas eyewear (aka com.adidasep.eyewear) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#308641", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/308641" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7435.json b/2014/7xxx/CVE-2014-7435.json index 0e5644fbdf3..5e85ec2ea49 100644 --- a/2014/7xxx/CVE-2014-7435.json +++ b/2014/7xxx/CVE-2014-7435.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7435", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The AJD Bail Bonds (aka com.onesolutionapps.ajdbailbondsandroid) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7435", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#152177", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/152177" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The AJD Bail Bonds (aka com.onesolutionapps.ajdbailbondsandroid) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#152177", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/152177" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7592.json b/2014/7xxx/CVE-2014-7592.json index cac1e30e86d..7eba9231d9b 100644 --- a/2014/7xxx/CVE-2014-7592.json +++ b/2014/7xxx/CVE-2014-7592.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7592", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The FOL (aka com.desire2learn.fol.mobile.app.campuslife.directory) application 3.0.729.1459 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7592", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#649113", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/649113" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The FOL (aka com.desire2learn.fol.mobile.app.campuslife.directory) application 3.0.729.1459 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#649113", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/649113" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7669.json b/2014/7xxx/CVE-2014-7669.json index 65eb295b3f3..356b9530ea9 100644 --- a/2014/7xxx/CVE-2014-7669.json +++ b/2014/7xxx/CVE-2014-7669.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7669", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-7669", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7941.json b/2014/7xxx/CVE-2014-7941.json index 84268b9bad9..ae9907325f1 100644 --- a/2014/7xxx/CVE-2014-7941.json +++ b/2014/7xxx/CVE-2014-7941.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7941", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SelectionOwner::ProcessTarget function in ui/base/x/selection_owner.cc in the UI implementation in Google Chrome before 40.0.2214.91 uses an incorrect data type for a certain length value, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted X11 data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2014-7941", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2015/01/stable-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2015/01/stable-update.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=428557", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=428557" - }, - { - "name" : "https://codereview.chromium.org/697863002", - "refsource" : "CONFIRM", - "url" : "https://codereview.chromium.org/697863002" - }, - { - "name" : "GLSA-201502-13", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201502-13.xml" - }, - { - "name" : "RHSA-2015:0093", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0093.html" - }, - { - "name" : "openSUSE-SU-2015:0441", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html" - }, - { - "name" : "72288", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72288" - }, - { - "name" : "1031623", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031623" - }, - { - "name" : "62383", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62383" - }, - { - "name" : "62665", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62665" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SelectionOwner::ProcessTarget function in ui/base/x/selection_owner.cc in the UI implementation in Google Chrome before 40.0.2214.91 uses an incorrect data type for a certain length value, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted X11 data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "62665", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62665" + }, + { + "name": "http://googlechromereleases.blogspot.com/2015/01/stable-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2015/01/stable-update.html" + }, + { + "name": "72288", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72288" + }, + { + "name": "GLSA-201502-13", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201502-13.xml" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=428557", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=428557" + }, + { + "name": "1031623", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031623" + }, + { + "name": "https://codereview.chromium.org/697863002", + "refsource": "CONFIRM", + "url": "https://codereview.chromium.org/697863002" + }, + { + "name": "openSUSE-SU-2015:0441", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html" + }, + { + "name": "RHSA-2015:0093", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0093.html" + }, + { + "name": "62383", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62383" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000177.json b/2017/1000xxx/CVE-2017-1000177.json index 92817c18eeb..4ed24608186 100644 --- a/2017/1000xxx/CVE-2017-1000177.json +++ b/2017/1000xxx/CVE-2017-1000177.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1000177", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-11097. Reason: This candidate is a reservation duplicate of CVE-2017-11097. Notes: All CVE users should reference CVE-2017-11097 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-1000177", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-11097. Reason: This candidate is a reservation duplicate of CVE-2017-11097. Notes: All CVE users should reference CVE-2017-11097 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18016.json b/2017/18xxx/CVE-2017-18016.json index a700425ef96..877d5a9e5ef 100644 --- a/2017/18xxx/CVE-2017-18016.json +++ b/2017/18xxx/CVE-2017-18016.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-18016", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Parity Browser 1.6.10 and earlier allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by requesting other websites via the Parity web proxy engine (reusing the current website's token, which is not bound to an origin)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-18016", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43499", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43499/" - }, - { - "name" : "[oss-security] 20180110 CVE-2017-18016 - Paritytech Parity Ethereum built-in Dapp Browser <= v1.6.10 webproxy token reuse same-origin policy bypass", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2018/01/10/1" - }, - { - "name" : "https://github.com/tintinweb/pub/tree/master/pocs/cve-2017-18016", - "refsource" : "MISC", - "url" : "https://github.com/tintinweb/pub/tree/master/pocs/cve-2017-18016" - }, - { - "name" : "https://github.com/paritytech/parity/commit/53609f703e2f1af76441344ac3b72811c726a215", - "refsource" : "CONFIRM", - "url" : "https://github.com/paritytech/parity/commit/53609f703e2f1af76441344ac3b72811c726a215" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Parity Browser 1.6.10 and earlier allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by requesting other websites via the Parity web proxy engine (reusing the current website's token, which is not bound to an origin)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/tintinweb/pub/tree/master/pocs/cve-2017-18016", + "refsource": "MISC", + "url": "https://github.com/tintinweb/pub/tree/master/pocs/cve-2017-18016" + }, + { + "name": "[oss-security] 20180110 CVE-2017-18016 - Paritytech Parity Ethereum built-in Dapp Browser <= v1.6.10 webproxy token reuse same-origin policy bypass", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2018/01/10/1" + }, + { + "name": "43499", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43499/" + }, + { + "name": "https://github.com/paritytech/parity/commit/53609f703e2f1af76441344ac3b72811c726a215", + "refsource": "CONFIRM", + "url": "https://github.com/paritytech/parity/commit/53609f703e2f1af76441344ac3b72811c726a215" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18074.json b/2017/18xxx/CVE-2017-18074.json index 986d2111129..1fa56921d5b 100644 --- a/2017/18xxx/CVE-2017-18074.json +++ b/2017/18xxx/CVE-2017-18074.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-04-02T00:00:00", - "ID" : "CVE-2017-18074", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Mobile, Snapdragon Wear", - "version" : { - "version_data" : [ - { - "version_value" : "MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 800, SD 808, SD 810, SD 820, SD 835" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 800, SD 808, SD 810, SD 820, SD 835, while playing a .wma file with modified media header with non-standard bytes per second parameter value, a reachable assert occurs." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Input Validation in Audio" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-04-02T00:00:00", + "ID": "CVE-2017-18074", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Mobile, Snapdragon Wear", + "version": { + "version_data": [ + { + "version_value": "MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 800, SD 808, SD 810, SD 820, SD 835" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-04-01" - }, - { - "name" : "103671", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103671" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 800, SD 808, SD 810, SD 820, SD 835, while playing a .wma file with modified media header with non-standard bytes per second parameter value, a reachable assert occurs." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Input Validation in Audio" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2018-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-04-01" + }, + { + "name": "103671", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103671" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1041.json b/2017/1xxx/CVE-2017-1041.json index c368d25bf99..abdebd11d0a 100644 --- a/2017/1xxx/CVE-2017-1041.json +++ b/2017/1xxx/CVE-2017-1041.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1041", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1041", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1065.json b/2017/1xxx/CVE-2017-1065.json index 493481305af..b8b0f76b5c2 100644 --- a/2017/1xxx/CVE-2017-1065.json +++ b/2017/1xxx/CVE-2017-1065.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1065", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1065", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1258.json b/2017/1xxx/CVE-2017-1258.json index 2cc21eeaabc..1fe2051f892 100644 --- a/2017/1xxx/CVE-2017-1258.json +++ b/2017/1xxx/CVE-2017-1258.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2017-06-29T00:00:00", - "ID" : "CVE-2017-1258", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Security Guardium", - "version" : { - "version_data" : [ - { - "version_value" : "10.0" - }, - { - "version_value" : "10.0.1" - }, - { - "version_value" : "10.1" - }, - { - "version_value" : "10.1.2" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Security Guardium 10.0 and 10.1 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM X-Force ID: 124685" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Bypass Security" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2017-06-29T00:00:00", + "ID": "CVE-2017-1258", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Security Guardium", + "version": { + "version_data": [ + { + "version_value": "10.0" + }, + { + "version_value": "10.0.1" + }, + { + "version_value": "10.1" + }, + { + "version_value": "10.1.2" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/124685", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/124685" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22004309", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22004309" - }, - { - "name" : "99377", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99377" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Security Guardium 10.0 and 10.1 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM X-Force ID: 124685" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Bypass Security" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99377", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99377" + }, + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124685", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124685" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22004309", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22004309" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1342.json b/2017/1xxx/CVE-2017-1342.json index c61e4c4e293..3b7b461ac9d 100644 --- a/2017/1xxx/CVE-2017-1342.json +++ b/2017/1xxx/CVE-2017-1342.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2017-11-22T00:00:00", - "ID" : "CVE-2017-1342", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Insights Foundation for Energy", - "version" : { - "version_data" : [ - { - "version_value" : "2.0" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Insights Foundation for Energy 2.0 could reveal sensitive information in error messages to authenticated users that could e used to conduct further attacks. IBM X-Force ID: 126457." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2017-11-22T00:00:00", + "ID": "CVE-2017-1342", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Insights Foundation for Energy", + "version": { + "version_data": [ + { + "version_value": "2.0" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/126457", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/126457" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22009039", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22009039" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Insights Foundation for Energy 2.0 could reveal sensitive information in error messages to authenticated users that could e used to conduct further attacks. IBM X-Force ID: 126457." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22009039", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22009039" + }, + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126457", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126457" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5400.json b/2017/5xxx/CVE-2017-5400.json index 8f7c8a12b3f..45e6ee92966 100644 --- a/2017/5xxx/CVE-2017-5400.json +++ b/2017/5xxx/CVE-2017-5400.json @@ -1,154 +1,154 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2017-5400", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "52" - } - ] - } - }, - { - "product_name" : "Firefox ESR", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "45.8" - } - ] - } - }, - { - "product_name" : "Thunderbird", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "52" - }, - { - "version_affected" : "<", - "version_value" : "45.8" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "asm.js JIT-spray bypass of ASLR and DEP" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2017-5400", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "52" + } + ] + } + }, + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "45.8" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "52" + }, + { + "version_affected": "<", + "version_value": "45.8" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1334933", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1334933" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-05/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-05/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-06/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-06/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-07/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-07/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-09/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-09/" - }, - { - "name" : "DSA-3805", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-3805" - }, - { - "name" : "DSA-3832", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-3832" - }, - { - "name" : "GLSA-201705-06", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201705-06" - }, - { - "name" : "GLSA-201705-07", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201705-07" - }, - { - "name" : "RHSA-2017:0459", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0459.html" - }, - { - "name" : "RHSA-2017:0461", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0461.html" - }, - { - "name" : "RHSA-2017:0498", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0498.html" - }, - { - "name" : "96654", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96654" - }, - { - "name" : "1037966", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037966" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "asm.js JIT-spray bypass of ASLR and DEP" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96654", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96654" + }, + { + "name": "RHSA-2017:0459", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0459.html" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-09/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-09/" + }, + { + "name": "DSA-3832", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-3832" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-07/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-07/" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-05/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-05/" + }, + { + "name": "1037966", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037966" + }, + { + "name": "GLSA-201705-06", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201705-06" + }, + { + "name": "RHSA-2017:0461", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0461.html" + }, + { + "name": "DSA-3805", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-3805" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-06/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-06/" + }, + { + "name": "RHSA-2017:0498", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0498.html" + }, + { + "name": "GLSA-201705-07", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201705-07" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1334933", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1334933" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5403.json b/2017/5xxx/CVE-2017-5403.json index 0d2e925a041..82d264377b2 100644 --- a/2017/5xxx/CVE-2017-5403.json +++ b/2017/5xxx/CVE-2017-5403.json @@ -1,94 +1,94 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2017-5403", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "52" - } - ] - } - }, - { - "product_name" : "Thunderbird", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "52" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "When adding a range to an object in the DOM, it is possible to use \"addRange\" to add the range to an incorrect root object. This triggers a use-after-free, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 52 and Thunderbird < 52." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use-after-free using addRange to add range to an incorrect root object" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2017-5403", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "52" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "52" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1340186", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1340186" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-05/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-05/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-09/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-09/" - }, - { - "name" : "96691", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96691" - }, - { - "name" : "1037966", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037966" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "When adding a range to an object in the DOM, it is possible to use \"addRange\" to add the range to an incorrect root object. This triggers a use-after-free, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 52 and Thunderbird < 52." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use-after-free using addRange to add range to an incorrect root object" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-09/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-09/" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1340186", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1340186" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-05/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-05/" + }, + { + "name": "1037966", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037966" + }, + { + "name": "96691", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96691" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5453.json b/2017/5xxx/CVE-2017-5453.json index bae5668b6e4..16cf0964185 100644 --- a/2017/5xxx/CVE-2017-5453.json +++ b/2017/5xxx/CVE-2017-5453.json @@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2017-5453", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "53" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A mechanism to inject static HTML into the RSS reader preview page due to a failure to escape characters sent as URL parameters for a feed's \"TITLE\" element. This vulnerability allows for spoofing but no scripted content can be run. This vulnerability affects Firefox < 53." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "HTML injection into RSS Reader feed preview page through TITLE element" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2017-5453", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "53" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1321247", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1321247" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-10/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-10/" - }, - { - "name" : "97940", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97940" - }, - { - "name" : "1038320", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038320" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A mechanism to inject static HTML into the RSS reader preview page due to a failure to escape characters sent as URL parameters for a feed's \"TITLE\" element. This vulnerability allows for spoofing but no scripted content can be run. This vulnerability affects Firefox < 53." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "HTML injection into RSS Reader feed preview page through TITLE element" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1321247", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1321247" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-10/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-10/" + }, + { + "name": "97940", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97940" + }, + { + "name": "1038320", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038320" + } + ] + } +} \ No newline at end of file