diff --git a/2006/2xxx/CVE-2006-2151.json b/2006/2xxx/CVE-2006-2151.json index ff4dfc37da7..f79dc29a0f8 100644 --- a/2006/2xxx/CVE-2006-2151.json +++ b/2006/2xxx/CVE-2006-2151.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2151", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in toplist.php in phpBB TopList 1.3.8 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via the phpbb_root_path parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2151", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "1722", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/1722" - }, - { - "name" : "1724", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/1724" - }, - { - "name" : "ADV-2006-1601", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1601" - }, - { - "name" : "25260", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25260" - }, - { - "name" : "19884", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19884" - }, - { - "name" : "toplist-toplist-list-file-include(26172)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26172" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in toplist.php in phpBB TopList 1.3.8 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via the phpbb_root_path parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "toplist-toplist-list-file-include(26172)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26172" + }, + { + "name": "25260", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25260" + }, + { + "name": "1724", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/1724" + }, + { + "name": "ADV-2006-1601", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1601" + }, + { + "name": "1722", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/1722" + }, + { + "name": "19884", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19884" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2289.json b/2006/2xxx/CVE-2006-2289.json index 97017273b8e..12c8e45da23 100644 --- a/2006/2xxx/CVE-2006-2289.json +++ b/2006/2xxx/CVE-2006-2289.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2289", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in avahi-core in Avahi before 0.6.10 allows local users to execute arbitrary code via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2289", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://0pointer.de/cgi-bin/viewcvs.cgi/*checkout*/trunk/docs/NEWS?root=avahi", - "refsource" : "CONFIRM", - "url" : "http://0pointer.de/cgi-bin/viewcvs.cgi/*checkout*/trunk/docs/NEWS?root=avahi" - }, - { - "name" : "SUSE-SR:2006:011", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_05_19.html" - }, - { - "name" : "17884", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17884" - }, - { - "name" : "20022", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20022" - }, - { - "name" : "20215", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20215" - }, - { - "name" : "avahi-core-bo(26331)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26331" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in avahi-core in Avahi before 0.6.10 allows local users to execute arbitrary code via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://0pointer.de/cgi-bin/viewcvs.cgi/*checkout*/trunk/docs/NEWS?root=avahi", + "refsource": "CONFIRM", + "url": "http://0pointer.de/cgi-bin/viewcvs.cgi/*checkout*/trunk/docs/NEWS?root=avahi" + }, + { + "name": "20022", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20022" + }, + { + "name": "17884", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17884" + }, + { + "name": "avahi-core-bo(26331)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26331" + }, + { + "name": "SUSE-SR:2006:011", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_05_19.html" + }, + { + "name": "20215", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20215" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2539.json b/2006/2xxx/CVE-2006-2539.json index 294956a1073..189909435bf 100644 --- a/2006/2xxx/CVE-2006-2539.json +++ b/2006/2xxx/CVE-2006-2539.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2539", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Sybase EAServer 5.0 for HP-UX Itanium, 5.2 for IBM AIX, HP-UX PA-RISC, Linux x86, and Sun Solaris SPARC, and 5.3 for Sun Solaris SPARC does not properly protect passwords when they are being entered via the GUI, which allows local users to obtain the cleartext passwords via the getSelectedText function in javax.swing.JPasswordField component." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2539", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.sybase.com/detail?id=1040665", - "refsource" : "CONFIRM", - "url" : "http://www.sybase.com/detail?id=1040665" - }, - { - "name" : "18036", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18036" - }, - { - "name" : "ADV-2006-1869", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1869" - }, - { - "name" : "20145", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20145" - }, - { - "name" : "sybase-easerver-jpasswordfield-obtain-info(26567)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26567" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Sybase EAServer 5.0 for HP-UX Itanium, 5.2 for IBM AIX, HP-UX PA-RISC, Linux x86, and Sun Solaris SPARC, and 5.3 for Sun Solaris SPARC does not properly protect passwords when they are being entered via the GUI, which allows local users to obtain the cleartext passwords via the getSelectedText function in javax.swing.JPasswordField component." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20145", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20145" + }, + { + "name": "sybase-easerver-jpasswordfield-obtain-info(26567)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26567" + }, + { + "name": "ADV-2006-1869", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1869" + }, + { + "name": "http://www.sybase.com/detail?id=1040665", + "refsource": "CONFIRM", + "url": "http://www.sybase.com/detail?id=1040665" + }, + { + "name": "18036", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18036" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2666.json b/2006/2xxx/CVE-2006-2666.json index 0ae1f88225d..0871096088a 100644 --- a/2006/2xxx/CVE-2006-2666.json +++ b/2006/2xxx/CVE-2006-2666.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2666", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in includes/mailaccess/pop3.php in V-Webmail 1.5 through 1.6.4 allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[pear_dir] parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2666", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "1827", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/1827" - }, - { - "name" : "30164", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30164" - }, - { - "name" : "ADV-2006-1989", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1989" - }, - { - "name" : "1016160", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016160" - }, - { - "name" : "20297", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20297" - }, - { - "name" : "vwebmail-pop3-file-include(26694)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26694" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in includes/mailaccess/pop3.php in V-Webmail 1.5 through 1.6.4 allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[pear_dir] parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20297", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20297" + }, + { + "name": "30164", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30164" + }, + { + "name": "1827", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/1827" + }, + { + "name": "vwebmail-pop3-file-include(26694)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26694" + }, + { + "name": "ADV-2006-1989", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1989" + }, + { + "name": "1016160", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016160" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2879.json b/2006/2xxx/CVE-2006-2879.json index 871fb026a18..75dff192ccf 100644 --- a/2006/2xxx/CVE-2006-2879.json +++ b/2006/2xxx/CVE-2006-2879.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2879", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in newscomments.php in Alex News-Engine 1.5.0 and earlier allows remote attackers to execute arbitrary SQL commands via the newsid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2879", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060605 ewsEngine <= 1.5.0(newscomments.php) Remote SQL Injection Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/435988" - }, - { - "name" : "18274", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18274" - }, - { - "name" : "ADV-2006-2151", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2151" - }, - { - "name" : "20469", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20469" - }, - { - "name" : "1057", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1057" - }, - { - "name" : "alexnews-newscomments-sql-injection(26946)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26946" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in newscomments.php in Alex News-Engine 1.5.0 and earlier allows remote attackers to execute arbitrary SQL commands via the newsid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "alexnews-newscomments-sql-injection(26946)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26946" + }, + { + "name": "20469", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20469" + }, + { + "name": "20060605 ewsEngine <= 1.5.0(newscomments.php) Remote SQL Injection Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/435988" + }, + { + "name": "ADV-2006-2151", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2151" + }, + { + "name": "18274", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18274" + }, + { + "name": "1057", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1057" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2961.json b/2006/2xxx/CVE-2006-2961.json index 0cd5be425d6..2cfc3b4c003 100644 --- a/2006/2xxx/CVE-2006-2961.json +++ b/2006/2xxx/CVE-2006-2961.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2961", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in CesarFTP 0.99g and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long MKD command. NOTE: the provenance of this information is unknown; the details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2961", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "18586", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18586" - }, - { - "name" : "ADV-2006-2287", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2287" - }, - { - "name" : "26364", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26364" - }, - { - "name" : "20574", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20574" - }, - { - "name" : "cesarftp-mkd-bo(27071)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27071" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in CesarFTP 0.99g and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long MKD command. NOTE: the provenance of this information is unknown; the details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "cesarftp-mkd-bo(27071)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27071" + }, + { + "name": "18586", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18586" + }, + { + "name": "26364", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26364" + }, + { + "name": "20574", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20574" + }, + { + "name": "ADV-2006-2287", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2287" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3575.json b/2006/3xxx/CVE-2006-3575.json index b3eec9d3d06..a8c51f663cc 100644 --- a/2006/3xxx/CVE-2006-3575.json +++ b/2006/3xxx/CVE-2006-3575.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3575", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in the Buffer Overflow Protection in McAfee VirusScan Enterprise 8.0.0 allows local users to cause a denial of service (unstable operation) via a long string in the (1) \"Process name\", (2) \"Module name\", or (3) \"API name\" fields." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3575", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060707 McAfee VirusScan Enterprise 8.0.0 Buffer Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/439430/100/0/threaded" - }, - { - "name" : "1016450", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016450" - }, - { - "name" : "1216", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1216" - }, - { - "name" : "mcafee-virusscan-boprotection-dos(27625)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27625" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability in the Buffer Overflow Protection in McAfee VirusScan Enterprise 8.0.0 allows local users to cause a denial of service (unstable operation) via a long string in the (1) \"Process name\", (2) \"Module name\", or (3) \"API name\" fields." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1016450", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016450" + }, + { + "name": "20060707 McAfee VirusScan Enterprise 8.0.0 Buffer Overflow", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/439430/100/0/threaded" + }, + { + "name": "1216", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1216" + }, + { + "name": "mcafee-virusscan-boprotection-dos(27625)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27625" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3639.json b/2006/3xxx/CVE-2006-3639.json index 9500c098e18..7cd202fdca8 100644 --- a/2006/3xxx/CVE-2006-3639.json +++ b/2006/3xxx/CVE-2006-3639.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3639", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 5.01 and 6 does not properly identify the originating domain zone when handling redirects, which allows remote attackers to read cross-domain web pages and possibly execute code via unspecified vectors involving a crafted web page, aka \"Source Element Cross-Domain Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2006-3639", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS06-042", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042" - }, - { - "name" : "TA06-220A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-220A.html" - }, - { - "name" : "VU#252764", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/252764" - }, - { - "name" : "19400", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19400" - }, - { - "name" : "ADV-2006-3212", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3212" - }, - { - "name" : "27851", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27851" - }, - { - "name" : "oval:org.mitre.oval:def:577", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A577" - }, - { - "name" : "1016663", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016663" - }, - { - "name" : "21396", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21396" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 5.01 and 6 does not properly identify the originating domain zone when handling redirects, which allows remote attackers to read cross-domain web pages and possibly execute code via unspecified vectors involving a crafted web page, aka \"Source Element Cross-Domain Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1016663", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016663" + }, + { + "name": "MS06-042", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042" + }, + { + "name": "21396", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21396" + }, + { + "name": "27851", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27851" + }, + { + "name": "ADV-2006-3212", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3212" + }, + { + "name": "TA06-220A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html" + }, + { + "name": "VU#252764", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/252764" + }, + { + "name": "19400", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19400" + }, + { + "name": "oval:org.mitre.oval:def:577", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A577" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3771.json b/2006/3xxx/CVE-2006-3771.json index ee7153e8000..a2807ca290d 100644 --- a/2006/3xxx/CVE-2006-3771.json +++ b/2006/3xxx/CVE-2006-3771.json @@ -1,217 +1,217 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3771", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in component.php in iManage CMS 4.0.12 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to (1) articles.php, (2) contact.php, (3) displaypage.php, (4) faq.php, (5) mainbody.php, (6) news.php, (7) registration.php, (8) whosOnline.php, (9) components/com_calendar.php, (10) components/com_forum.php, (11) components/minibb/index.php, (12) components/minibb/bb_admin.php, (13) components/minibb/bb_plugins.php, (14) modules/mod_calendar.php, (15) modules/mod_browser_prefs.php, (16) modules/mod_counter.php, (17) modules/mod_online.php, (18) modules/mod_stats.php, (19) modules/mod_weather.php, (20) themes/bizz.php, (21) themes/default.php, (22) themes/simple.php, (23) themes/original.php, (24) themes/portal.php, (25) themes/purple.php, and other unspecified files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3771", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060720 [ECHO_ADV_40$2006] iManage CMS <= 4.0.12 (absolute_path) Remote File Inclusion", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/440642/100/0/threaded" - }, - { - "name" : "http://advisories.echo.or.id/adv/adv40-matdhule-2006.txt", - "refsource" : "MISC", - "url" : "http://advisories.echo.or.id/adv/adv40-matdhule-2006.txt" - }, - { - "name" : "2046", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2046" - }, - { - "name" : "19090", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19090" - }, - { - "name" : "28647", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28647" - }, - { - "name" : "28652", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28652" - }, - { - "name" : "28653", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28653" - }, - { - "name" : "28656", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28656" - }, - { - "name" : "28657", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28657" - }, - { - "name" : "28658", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28658" - }, - { - "name" : "28659", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28659" - }, - { - "name" : "28660", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28660" - }, - { - "name" : "28661", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28661" - }, - { - "name" : "28662", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28662" - }, - { - "name" : "28663", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28663" - }, - { - "name" : "28664", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28664" - }, - { - "name" : "28665", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28665" - }, - { - "name" : "28666", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28666" - }, - { - "name" : "28667", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28667" - }, - { - "name" : "28668", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28668" - }, - { - "name" : "28669", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28669" - }, - { - "name" : "28670", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28670" - }, - { - "name" : "28671", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28671" - }, - { - "name" : "28648", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28648" - }, - { - "name" : "28649", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28649" - }, - { - "name" : "28650", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28650" - }, - { - "name" : "28651", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28651" - }, - { - "name" : "28654", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28654" - }, - { - "name" : "28655", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28655" - }, - { - "name" : "1016551", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016551" - }, - { - "name" : "1265", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1265" - }, - { - "name" : "imanagecms-absolutepath-file-include(27875)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27875" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in component.php in iManage CMS 4.0.12 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to (1) articles.php, (2) contact.php, (3) displaypage.php, (4) faq.php, (5) mainbody.php, (6) news.php, (7) registration.php, (8) whosOnline.php, (9) components/com_calendar.php, (10) components/com_forum.php, (11) components/minibb/index.php, (12) components/minibb/bb_admin.php, (13) components/minibb/bb_plugins.php, (14) modules/mod_calendar.php, (15) modules/mod_browser_prefs.php, (16) modules/mod_counter.php, (17) modules/mod_online.php, (18) modules/mod_stats.php, (19) modules/mod_weather.php, (20) themes/bizz.php, (21) themes/default.php, (22) themes/simple.php, (23) themes/original.php, (24) themes/portal.php, (25) themes/purple.php, and other unspecified files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28652", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28652" + }, + { + "name": "28665", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28665" + }, + { + "name": "28661", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28661" + }, + { + "name": "20060720 [ECHO_ADV_40$2006] iManage CMS <= 4.0.12 (absolute_path) Remote File Inclusion", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/440642/100/0/threaded" + }, + { + "name": "28654", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28654" + }, + { + "name": "28670", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28670" + }, + { + "name": "28653", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28653" + }, + { + "name": "19090", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19090" + }, + { + "name": "28655", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28655" + }, + { + "name": "28663", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28663" + }, + { + "name": "28660", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28660" + }, + { + "name": "28651", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28651" + }, + { + "name": "28648", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28648" + }, + { + "name": "28671", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28671" + }, + { + "name": "28649", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28649" + }, + { + "name": "1016551", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016551" + }, + { + "name": "28669", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28669" + }, + { + "name": "28656", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28656" + }, + { + "name": "28664", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28664" + }, + { + "name": "28647", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28647" + }, + { + "name": "28658", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28658" + }, + { + "name": "28668", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28668" + }, + { + "name": "28662", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28662" + }, + { + "name": "1265", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1265" + }, + { + "name": "imanagecms-absolutepath-file-include(27875)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27875" + }, + { + "name": "2046", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2046" + }, + { + "name": "28659", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28659" + }, + { + "name": "28650", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28650" + }, + { + "name": "http://advisories.echo.or.id/adv/adv40-matdhule-2006.txt", + "refsource": "MISC", + "url": "http://advisories.echo.or.id/adv/adv40-matdhule-2006.txt" + }, + { + "name": "28667", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28667" + }, + { + "name": "28657", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28657" + }, + { + "name": "28666", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28666" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3807.json b/2006/3xxx/CVE-2006-3807.json index be3a7388c86..036f1a6a324 100644 --- a/2006/3xxx/CVE-2006-3807.json +++ b/2006/3xxx/CVE-2006-3807.json @@ -1,407 +1,407 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3807", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to execute arbitrary code via script that changes the standard Object() constructor to return a reference to a privileged object and calling \"named JavaScript functions\" that use the constructor." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2006-3807", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060727 rPSA-2006-0137-1 firefox", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/441333/100/0/threaded" - }, - { - "name" : "http://www.mozilla.org/security/announce/2006/mfsa2006-51.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2006/mfsa2006-51.html" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-536", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-536" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-537", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-537" - }, - { - "name" : "DSA-1159", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1159" - }, - { - "name" : "DSA-1160", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1160" - }, - { - "name" : "DSA-1161", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1161" - }, - { - "name" : "GLSA-200608-02", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200608-02.xml" - }, - { - "name" : "GLSA-200608-04", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200608-04.xml" - }, - { - "name" : "GLSA-200608-03", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200608-03.xml" - }, - { - "name" : "HPSBUX02153", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/446658/100/200/threaded" - }, - { - "name" : "SSRT061181", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/446658/100/200/threaded" - }, - { - "name" : "HPSBUX02156", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/446657/100/200/threaded" - }, - { - "name" : "SSRT061236", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/446657/100/200/threaded" - }, - { - "name" : "MDKSA-2006:143", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:143" - }, - { - "name" : "MDKSA-2006:145", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:145" - }, - { - "name" : "MDKSA-2006:146", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:146" - }, - { - "name" : "RHSA-2006:0608", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0608.html" - }, - { - "name" : "RHSA-2006:0610", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0610.html" - }, - { - "name" : "RHSA-2006:0611", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0611.html" - }, - { - "name" : "RHSA-2006:0609", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2006-0609.html" - }, - { - "name" : "RHSA-2006:0594", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0594.html" - }, - { - "name" : "20060703-01-P", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc" - }, - { - "name" : "102763", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102763-1" - }, - { - "name" : "SUSE-SA:2006:048", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_48_seamonkey.html" - }, - { - "name" : "USN-327-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/327-1/" - }, - { - "name" : "USN-329-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/329-1/" - }, - { - "name" : "USN-350-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-350-1" - }, - { - "name" : "USN-354-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-354-1" - }, - { - "name" : "USN-361-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-361-1" - }, - { - "name" : "TA06-208A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-208A.html" - }, - { - "name" : "VU#687396", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/687396" - }, - { - "name" : "19181", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19181" - }, - { - "name" : "oval:org.mitre.oval:def:10374", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10374" - }, - { - "name" : "ADV-2006-2998", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2998" - }, - { - "name" : "ADV-2007-0058", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0058" - }, - { - "name" : "ADV-2006-3748", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3748" - }, - { - "name" : "ADV-2006-3749", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3749" - }, - { - "name" : "ADV-2008-0083", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0083" - }, - { - "name" : "1016586", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016586" - }, - { - "name" : "1016587", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016587" - }, - { - "name" : "1016588", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016588" - }, - { - "name" : "19873", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19873" - }, - { - "name" : "21216", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21216" - }, - { - "name" : "21228", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21228" - }, - { - "name" : "21229", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21229" - }, - { - "name" : "21246", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21246" - }, - { - "name" : "21243", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21243" - }, - { - "name" : "21269", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21269" - }, - { - "name" : "21270", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21270" - }, - { - "name" : "21275", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21275" - }, - { - "name" : "21336", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21336" - }, - { - "name" : "21358", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21358" - }, - { - "name" : "21361", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21361" - }, - { - "name" : "21250", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21250" - }, - { - "name" : "21262", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21262" - }, - { - "name" : "21343", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21343" - }, - { - "name" : "21529", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21529" - }, - { - "name" : "21532", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21532" - }, - { - "name" : "21607", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21607" - }, - { - "name" : "21631", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21631" - }, - { - "name" : "21654", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21654" - }, - { - "name" : "21634", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21634" - }, - { - "name" : "21675", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21675" - }, - { - "name" : "22055", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22055" - }, - { - "name" : "22210", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22210" - }, - { - "name" : "22342", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22342" - }, - { - "name" : "22065", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22065" - }, - { - "name" : "22066", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22066" - }, - { - "name" : "mozilla-js-constructor-code-execution(27988)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27988" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to execute arbitrary code via script that changes the standard Object() constructor to return a reference to a privileged object and calling \"named JavaScript functions\" that use the constructor." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-1161", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1161" + }, + { + "name": "21243", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21243" + }, + { + "name": "RHSA-2006:0608", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0608.html" + }, + { + "name": "DSA-1160", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1160" + }, + { + "name": "GLSA-200608-02", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200608-02.xml" + }, + { + "name": "MDKSA-2006:145", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:145" + }, + { + "name": "ADV-2006-3748", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3748" + }, + { + "name": "19181", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19181" + }, + { + "name": "TA06-208A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-208A.html" + }, + { + "name": "22055", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22055" + }, + { + "name": "ADV-2006-2998", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2998" + }, + { + "name": "USN-361-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-361-1" + }, + { + "name": "20060727 rPSA-2006-0137-1 firefox", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/441333/100/0/threaded" + }, + { + "name": "mozilla-js-constructor-code-execution(27988)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27988" + }, + { + "name": "21529", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21529" + }, + { + "name": "21216", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21216" + }, + { + "name": "GLSA-200608-03", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200608-03.xml" + }, + { + "name": "ADV-2007-0058", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0058" + }, + { + "name": "RHSA-2006:0594", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0594.html" + }, + { + "name": "21336", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21336" + }, + { + "name": "ADV-2006-3749", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3749" + }, + { + "name": "RHSA-2006:0610", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0610.html" + }, + { + "name": "21654", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21654" + }, + { + "name": "1016588", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016588" + }, + { + "name": "USN-329-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/329-1/" + }, + { + "name": "MDKSA-2006:146", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:146" + }, + { + "name": "RHSA-2006:0609", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2006-0609.html" + }, + { + "name": "22210", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22210" + }, + { + "name": "21634", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21634" + }, + { + "name": "21607", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21607" + }, + { + "name": "1016586", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016586" + }, + { + "name": "19873", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19873" + }, + { + "name": "21262", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21262" + }, + { + "name": "21532", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21532" + }, + { + "name": "21270", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21270" + }, + { + "name": "ADV-2008-0083", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0083" + }, + { + "name": "USN-327-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/327-1/" + }, + { + "name": "21361", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21361" + }, + { + "name": "VU#687396", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/687396" + }, + { + "name": "21631", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21631" + }, + { + "name": "SSRT061181", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/446658/100/200/threaded" + }, + { + "name": "SSRT061236", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/446657/100/200/threaded" + }, + { + "name": "21275", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21275" + }, + { + "name": "21246", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21246" + }, + { + "name": "SUSE-SA:2006:048", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_48_seamonkey.html" + }, + { + "name": "21229", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21229" + }, + { + "name": "21675", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21675" + }, + { + "name": "1016587", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016587" + }, + { + "name": "HPSBUX02153", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/446658/100/200/threaded" + }, + { + "name": "RHSA-2006:0611", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0611.html" + }, + { + "name": "21228", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21228" + }, + { + "name": "21250", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21250" + }, + { + "name": "USN-350-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-350-1" + }, + { + "name": "HPSBUX02156", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/446657/100/200/threaded" + }, + { + "name": "22342", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22342" + }, + { + "name": "102763", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102763-1" + }, + { + "name": "21358", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21358" + }, + { + "name": "https://issues.rpath.com/browse/RPL-536", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-536" + }, + { + "name": "https://issues.rpath.com/browse/RPL-537", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-537" + }, + { + "name": "22066", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22066" + }, + { + "name": "21269", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21269" + }, + { + "name": "GLSA-200608-04", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200608-04.xml" + }, + { + "name": "21343", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21343" + }, + { + "name": "oval:org.mitre.oval:def:10374", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10374" + }, + { + "name": "MDKSA-2006:143", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:143" + }, + { + "name": "http://www.mozilla.org/security/announce/2006/mfsa2006-51.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-51.html" + }, + { + "name": "22065", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22065" + }, + { + "name": "USN-354-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-354-1" + }, + { + "name": "20060703-01-P", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc" + }, + { + "name": "DSA-1159", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1159" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3849.json b/2006/3xxx/CVE-2006-3849.json index 1e9bb04b1bc..1f0bc4a4fcf 100644 --- a/2006/3xxx/CVE-2006-3849.json +++ b/2006/3xxx/CVE-2006-3849.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3849", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in Warzone 2100 and Warzone Resurrection 2.0.3 and earlier allows remote attackers to execute arbitrary code via a (1) long message handled by the recvTextMessage function in multiplay.c or a (2) long filename handled by NETrecvFile function in netplay/netplay.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3849", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060723 Buffer-overflow in recvTextMessage and NETrecvFile in Warzone Resurrection 2.0.3 (SVN 127)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/441039/100/0/threaded" - }, - { - "name" : "http://aluigi.altervista.org/adv/warzonebof-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/warzonebof-adv.txt" - }, - { - "name" : "GLSA-200608-16", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200608-16.xml" - }, - { - "name" : "19118", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19118" - }, - { - "name" : "ADV-2006-2943", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2943" - }, - { - "name" : "21474", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21474" - }, - { - "name" : "1283", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1283" - }, - { - "name" : "warzone-netrecvfile-bo(27915)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27915" - }, - { - "name" : "warzone-recvtextmessage-bo(27910)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27910" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in Warzone 2100 and Warzone Resurrection 2.0.3 and earlier allows remote attackers to execute arbitrary code via a (1) long message handled by the recvTextMessage function in multiplay.c or a (2) long filename handled by NETrecvFile function in netplay/netplay.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://aluigi.altervista.org/adv/warzonebof-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/warzonebof-adv.txt" + }, + { + "name": "warzone-recvtextmessage-bo(27910)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27910" + }, + { + "name": "ADV-2006-2943", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2943" + }, + { + "name": "20060723 Buffer-overflow in recvTextMessage and NETrecvFile in Warzone Resurrection 2.0.3 (SVN 127)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/441039/100/0/threaded" + }, + { + "name": "1283", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1283" + }, + { + "name": "21474", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21474" + }, + { + "name": "warzone-netrecvfile-bo(27915)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27915" + }, + { + "name": "19118", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19118" + }, + { + "name": "GLSA-200608-16", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200608-16.xml" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6668.json b/2006/6xxx/CVE-2006-6668.json index 06550595550..177f7030eef 100644 --- a/2006/6xxx/CVE-2006-6668.json +++ b/2006/6xxx/CVE-2006-6668.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6668", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in VerliAdmin 0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6668", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "ADV-2006-5059", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/5059" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in VerliAdmin 0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-5059", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/5059" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6818.json b/2006/6xxx/CVE-2006-6818.json index cce8cbf6ec4..90ce5e18858 100644 --- a/2006/6xxx/CVE-2006-6818.json +++ b/2006/6xxx/CVE-2006-6818.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6818", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "AlstraSoft Web Host Directory allows remote attackers to bypass authentication and change the admin password via a direct request to admin/config." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6818", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061227 Host directory full disclosure and input error", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/455352/100/0/threaded" - }, - { - "name" : "21787", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21787" - }, - { - "name" : "host-directory-admin-security-bypass(31123)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31123" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "AlstraSoft Web Host Directory allows remote attackers to bypass authentication and change the admin password via a direct request to admin/config." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21787", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21787" + }, + { + "name": "host-directory-admin-security-bypass(31123)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31123" + }, + { + "name": "20061227 Host directory full disclosure and input error", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/455352/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6996.json b/2006/6xxx/CVE-2006-6996.json index 76edc7f23c8..80a2e5d4b6f 100644 --- a/2006/6xxx/CVE-2006-6996.json +++ b/2006/6xxx/CVE-2006-6996.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6996", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in warforge.NEWS 1.0 allow remote attackers to inject arbitrary HTML and web script via the (1) title and (2) newspost parameters to (a) newsadd.php, and the (3) name, title, and (4) comment parameters to (b) news.php, a different set of vectors than CVE-2006-1818. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6996", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "19697", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19697" - }, - { - "name" : "warforgenews-multiple-xss(25901)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25901" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in warforge.NEWS 1.0 allow remote attackers to inject arbitrary HTML and web script via the (1) title and (2) newspost parameters to (a) newsadd.php, and the (3) name, title, and (4) comment parameters to (b) news.php, a different set of vectors than CVE-2006-1818. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19697", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19697" + }, + { + "name": "warforgenews-multiple-xss(25901)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25901" + } + ] + } +} \ No newline at end of file diff --git a/2006/7xxx/CVE-2006-7082.json b/2006/7xxx/CVE-2006-7082.json index 237c8c86b42..3be3ef04af7 100644 --- a/2006/7xxx/CVE-2006-7082.json +++ b/2006/7xxx/CVE-2006-7082.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-7082", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Rigter Portal System (RPS) 1.0, 2.0, and 3.0 allows remote attackers to bypass authentication and upload arbitrary files via direct requests to (1) adm/photos/images.php and (2) adm/down/files.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-7082", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060719 Multiple Vulnerabilities RPS", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/048006.html" - }, - { - "name" : "28637", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28637" - }, - { - "name" : "28638", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28638" - }, - { - "name" : "2322", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2322" - }, - { - "name" : "rps-images-files-file-upload(27873)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27873" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Rigter Portal System (RPS) 1.0, 2.0, and 3.0 allows remote attackers to bypass authentication and upload arbitrary files via direct requests to (1) adm/photos/images.php and (2) adm/down/files.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28637", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28637" + }, + { + "name": "20060719 Multiple Vulnerabilities RPS", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/048006.html" + }, + { + "name": "rps-images-files-file-upload(27873)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27873" + }, + { + "name": "28638", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28638" + }, + { + "name": "2322", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2322" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0044.json b/2011/0xxx/CVE-2011-0044.json index 16727ed8291..f5c5873c092 100644 --- a/2011/0xxx/CVE-2011-0044.json +++ b/2011/0xxx/CVE-2011-0044.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0044", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2011-0044", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0276.json b/2011/0xxx/CVE-2011-0276.json index bf8bf2eef57..77facf41305 100644 --- a/2011/0xxx/CVE-2011-0276.json +++ b/2011/0xxx/CVE-2011-0276.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0276", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "HP OpenView Performance Insight Server 5.2, 5.3, 5.31, 5.4, and 5.41 contains a \"hidden account\" in the com.trinagy.security.XMLUserManager Java class, which allows remote attackers to execute arbitrary code via the doPost method in the com.trinagy.servlet.HelpManagerServlet class." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2011-0276", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110131 ZDI-11-034: HP OpenView Performance Insight Server Backdoor Account Code Execution Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/516093/100/0/threaded" - }, - { - "name" : "16984", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/16984" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-11-034", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-11-034" - }, - { - "name" : "HPSBMA02627", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02695453" - }, - { - "name" : "SSRT090246", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02695453" - }, - { - "name" : "46079", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46079" - }, - { - "name" : "70754", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/70754" - }, - { - "name" : "1025014", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025014" - }, - { - "name" : "43145", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43145" - }, - { - "name" : "8136", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8136" - }, - { - "name" : "ADV-2011-0258", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0258" - }, - { - "name" : "openview-dopost-code-execution(65038)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65038" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HP OpenView Performance Insight Server 5.2, 5.3, 5.31, 5.4, and 5.41 contains a \"hidden account\" in the com.trinagy.security.XMLUserManager Java class, which allows remote attackers to execute arbitrary code via the doPost method in the com.trinagy.servlet.HelpManagerServlet class." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "70754", + "refsource": "OSVDB", + "url": "http://osvdb.org/70754" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-11-034", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-034" + }, + { + "name": "SSRT090246", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02695453" + }, + { + "name": "20110131 ZDI-11-034: HP OpenView Performance Insight Server Backdoor Account Code Execution Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/516093/100/0/threaded" + }, + { + "name": "HPSBMA02627", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02695453" + }, + { + "name": "8136", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8136" + }, + { + "name": "16984", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/16984" + }, + { + "name": "1025014", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025014" + }, + { + "name": "openview-dopost-code-execution(65038)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65038" + }, + { + "name": "43145", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43145" + }, + { + "name": "ADV-2011-0258", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0258" + }, + { + "name": "46079", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46079" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0543.json b/2011/0xxx/CVE-2011-0543.json index 50647cbaad5..1a774d54c21 100644 --- a/2011/0xxx/CVE-2011-0543.json +++ b/2011/0xxx/CVE-2011-0543.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0543", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Certain legacy functionality in fusermount in fuse 2.8.5 and earlier, when util-linux does not support the --no-canonicalize option, allows local users to bypass intended access restrictions and unmount arbitrary directories via a symlink attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-0543", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110201 CVE request: fuse", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/02/02/2" - }, - { - "name" : "[oss-security] 20110203 Re: CVE request: fuse", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/02/03/5" - }, - { - "name" : "[oss-security] 20110208 Re: CVE request: fuse", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/02/08/4" - }, - { - "name" : "http://fuse.git.sourceforge.net/git/gitweb.cgi?p=fuse/fuse;a=commit;h=cbd3a2a84068aae6e3fe32939d88470d712dbf47", - "refsource" : "CONFIRM", - "url" : "http://fuse.git.sourceforge.net/git/gitweb.cgi?p=fuse/fuse;a=commit;h=cbd3a2a84068aae6e3fe32939d88470d712dbf47" - }, - { - "name" : "SUSE-SR:2011:005", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Certain legacy functionality in fusermount in fuse 2.8.5 and earlier, when util-linux does not support the --no-canonicalize option, allows local users to bypass intended access restrictions and unmount arbitrary directories via a symlink attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20110201 CVE request: fuse", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/02/02/2" + }, + { + "name": "SUSE-SR:2011:005", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html" + }, + { + "name": "[oss-security] 20110203 Re: CVE request: fuse", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/02/03/5" + }, + { + "name": "http://fuse.git.sourceforge.net/git/gitweb.cgi?p=fuse/fuse;a=commit;h=cbd3a2a84068aae6e3fe32939d88470d712dbf47", + "refsource": "CONFIRM", + "url": "http://fuse.git.sourceforge.net/git/gitweb.cgi?p=fuse/fuse;a=commit;h=cbd3a2a84068aae6e3fe32939d88470d712dbf47" + }, + { + "name": "[oss-security] 20110208 Re: CVE request: fuse", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/02/08/4" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0712.json b/2011/0xxx/CVE-2011-0712.json index 28b145a92f9..625816f41b9 100644 --- a/2011/0xxx/CVE-2011-0712.json +++ b/2011/0xxx/CVE-2011-0712.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0712", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in the caiaq Native Instruments USB audio functionality in the Linux kernel before 2.6.38-rc4-next-20110215 might allow attackers to cause a denial of service or possibly have unspecified other impact via a long USB device name, related to (1) the snd_usb_caiaq_audio_init function in sound/usb/caiaq/audio.c and (2) the snd_usb_caiaq_midi_init function in sound/usb/caiaq/midi.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-0712", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110216 Re: kernel: ALSA: caiaq - Fix possible string-buffer overflow", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/02/16/11" - }, - { - "name" : "[oss-security] 20110216 Re: kernel: ALSA: caiaq - Fix possible string-buffer overflow", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/02/16/12" - }, - { - "name" : "[oss-security] 20110216 kernel: ALSA: caiaq - Fix possible string-buffer overflow", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/02/16/5" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/tiwai/sound-2.6.git;a=commit;h=eaae55dac6b64c0616046436b294e69fc5311581", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/tiwai/sound-2.6.git;a=commit;h=eaae55dac6b64c0616046436b294e69fc5311581" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v2.6/next/patch-v2.6.38-rc4-next-20110215.bz2", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v2.6/next/patch-v2.6.38-rc4-next-20110215.bz2" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=677881", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=677881" - }, - { - "name" : "USN-1146-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1146-1" - }, - { - "name" : "46419", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46419" - }, - { - "name" : "kernel-usbdevice-bo(65461)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65461" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in the caiaq Native Instruments USB audio functionality in the Linux kernel before 2.6.38-rc4-next-20110215 might allow attackers to cause a denial of service or possibly have unspecified other impact via a long USB device name, related to (1) the snd_usb_caiaq_audio_init function in sound/usb/caiaq/audio.c and (2) the snd_usb_caiaq_midi_init function in sound/usb/caiaq/midi.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-1146-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1146-1" + }, + { + "name": "[oss-security] 20110216 Re: kernel: ALSA: caiaq - Fix possible string-buffer overflow", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/02/16/11" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=677881", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=677881" + }, + { + "name": "kernel-usbdevice-bo(65461)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65461" + }, + { + "name": "46419", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46419" + }, + { + "name": "[oss-security] 20110216 kernel: ALSA: caiaq - Fix possible string-buffer overflow", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/02/16/5" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/tiwai/sound-2.6.git;a=commit;h=eaae55dac6b64c0616046436b294e69fc5311581", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/tiwai/sound-2.6.git;a=commit;h=eaae55dac6b64c0616046436b294e69fc5311581" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v2.6/next/patch-v2.6.38-rc4-next-20110215.bz2", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v2.6/next/patch-v2.6.38-rc4-next-20110215.bz2" + }, + { + "name": "[oss-security] 20110216 Re: kernel: ALSA: caiaq - Fix possible string-buffer overflow", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/02/16/12" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1251.json b/2011/1xxx/CVE-2011-1251.json index 00fe594f3a4..f2298c3c7b4 100644 --- a/2011/1xxx/CVE-2011-1251.json +++ b/2011/1xxx/CVE-2011-1251.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1251", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka \"DOM Manipulation Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2011-1251", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS11-050", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-050" - }, - { - "name" : "oval:org.mitre.oval:def:12326", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12326" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka \"DOM Manipulation Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:12326", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12326" + }, + { + "name": "MS11-050", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-050" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1677.json b/2011/1xxx/CVE-2011-1677.json index d76de378aaf..051e5452394 100644 --- a/2011/1xxx/CVE-2011-1677.json +++ b/2011/1xxx/CVE-2011-1677.json @@ -1,157 +1,157 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1677", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "mount in util-linux 2.19 and earlier does not remove the /etc/mtab~ lock file after a failed attempt to add a mount entry, which has unspecified impact and local attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1677", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110303 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/04/11" - }, - { - "name" : "[oss-security] 20110303 Suid mount helpers fail to anticipate RLIMIT_FSIZE", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/04/9" - }, - { - "name" : "[oss-security] 20110304 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/04/10" - }, - { - "name" : "[oss-security] 20110304 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/04/12" - }, - { - "name" : "[oss-security] 20110305 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/05/3" - }, - { - "name" : "[oss-security] 20110305 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/05/7" - }, - { - "name" : "[oss-security] 20110307 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/07/9" - }, - { - "name" : "[oss-security] 20110314 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/14/5" - }, - { - "name" : "[oss-security] 20110314 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/14/7" - }, - { - "name" : "[oss-security] 20110314 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/14/16" - }, - { - "name" : "[oss-security] 20110315 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/15/6" - }, - { - "name" : "[oss-security] 20110322 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/22/4" - }, - { - "name" : "[oss-security] 20110322 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/22/6" - }, - { - "name" : "[oss-security] 20110331 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/31/3" - }, - { - "name" : "[oss-security] 20110331 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/03/31/4" - }, - { - "name" : "[oss-security] 20110401 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/04/01/2" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=688980", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=688980" - }, - { - "name" : "RHSA-2011:1691", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-1691.html" - }, - { - "name" : "48114", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48114" - }, - { - "name" : "utillinux-mount-unspecified(66703)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66703" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "mount in util-linux 2.19 and earlier does not remove the /etc/mtab~ lock file after a failed attempt to add a mount entry, which has unspecified impact and local attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20110314 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/14/5" + }, + { + "name": "[oss-security] 20110303 Suid mount helpers fail to anticipate RLIMIT_FSIZE", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/04/9" + }, + { + "name": "utillinux-mount-unspecified(66703)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66703" + }, + { + "name": "[oss-security] 20110322 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/22/6" + }, + { + "name": "[oss-security] 20110322 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/22/4" + }, + { + "name": "[oss-security] 20110305 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/05/7" + }, + { + "name": "48114", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48114" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=688980", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=688980" + }, + { + "name": "[oss-security] 20110307 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/07/9" + }, + { + "name": "[oss-security] 20110401 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/04/01/2" + }, + { + "name": "[oss-security] 20110304 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/04/10" + }, + { + "name": "[oss-security] 20110314 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/14/16" + }, + { + "name": "[oss-security] 20110331 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/31/4" + }, + { + "name": "[oss-security] 20110304 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/04/12" + }, + { + "name": "[oss-security] 20110314 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/14/7" + }, + { + "name": "[oss-security] 20110303 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/04/11" + }, + { + "name": "[oss-security] 20110305 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/05/3" + }, + { + "name": "[oss-security] 20110331 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/31/3" + }, + { + "name": "[oss-security] 20110315 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/03/15/6" + }, + { + "name": "RHSA-2011:1691", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-1691.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1797.json b/2011/1xxx/CVE-2011-1797.json index 45ffaa610d7..d136518210f 100644 --- a/2011/1xxx/CVE-2011-1797.json +++ b/2011/1xxx/CVE-2011-1797.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1797", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2011-1797", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4808", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4808" - }, - { - "name" : "http://support.apple.com/kb/HT4981", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4981" - }, - { - "name" : "http://support.apple.com/kb/HT4999", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4999" - }, - { - "name" : "http://crbug.com/79075", - "refsource" : "CONFIRM", - "url" : "http://crbug.com/79075" - }, - { - "name" : "http://launchpad.net/bugs/778822", - "refsource" : "CONFIRM", - "url" : "http://launchpad.net/bugs/778822" - }, - { - "name" : "http://trac.webkit.org/changeset/85355", - "refsource" : "CONFIRM", - "url" : "http://trac.webkit.org/changeset/85355" - }, - { - "name" : "http://trac.webkit.org/changeset/86781", - "refsource" : "CONFIRM", - "url" : "http://trac.webkit.org/changeset/86781" - }, - { - "name" : "APPLE-SA-2011-07-20-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html" - }, - { - "name" : "APPLE-SA-2011-10-11-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html" - }, - { - "name" : "APPLE-SA-2011-10-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html" - }, - { - "name" : "DSA-2245", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2245" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-2245", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2245" + }, + { + "name": "http://support.apple.com/kb/HT4981", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4981" + }, + { + "name": "APPLE-SA-2011-10-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html" + }, + { + "name": "APPLE-SA-2011-10-11-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html" + }, + { + "name": "http://trac.webkit.org/changeset/85355", + "refsource": "CONFIRM", + "url": "http://trac.webkit.org/changeset/85355" + }, + { + "name": "http://crbug.com/79075", + "refsource": "CONFIRM", + "url": "http://crbug.com/79075" + }, + { + "name": "http://support.apple.com/kb/HT4999", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4999" + }, + { + "name": "http://trac.webkit.org/changeset/86781", + "refsource": "CONFIRM", + "url": "http://trac.webkit.org/changeset/86781" + }, + { + "name": "http://support.apple.com/kb/HT4808", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4808" + }, + { + "name": "APPLE-SA-2011-07-20-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html" + }, + { + "name": "http://launchpad.net/bugs/778822", + "refsource": "CONFIRM", + "url": "http://launchpad.net/bugs/778822" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1850.json b/2011/1xxx/CVE-2011-1850.json index f546a38cb43..c19901d66dd 100644 --- a/2011/1xxx/CVE-2011-1850.json +++ b/2011/1xxx/CVE-2011-1850.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1850", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the logging functionality in dbman.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to execute arbitrary code via vectors related to a received action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2011-1850", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-11-162/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-11-162/" - }, - { - "name" : "HPSBGN02680", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02822750" - }, - { - "name" : "SSRT100361", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02822750" - }, - { - "name" : "47789", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47789" - }, - { - "name" : "1025519", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1025519" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the logging functionality in dbman.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to execute arbitrary code via vectors related to a received action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBGN02680", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02822750" + }, + { + "name": "1025519", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1025519" + }, + { + "name": "SSRT100361", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02822750" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-11-162/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-11-162/" + }, + { + "name": "47789", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47789" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3207.json b/2011/3xxx/CVE-2011-3207.json index c4e2438c61e..d5e931c4cff 100644 --- a/2011/3xxx/CVE-2011-3207.json +++ b/2011/3xxx/CVE-2011-3207.json @@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3207", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "crypto/x509/x509_vfy.c in OpenSSL 1.0.x before 1.0.0e does not initialize certain structure members, which makes it easier for remote attackers to bypass CRL validation by using a nextUpdate value corresponding to a time in the past." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-3207", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://cvs.openssl.org/chngview?cn=21349", - "refsource" : "CONFIRM", - "url" : "http://cvs.openssl.org/chngview?cn=21349" - }, - { - "name" : "http://openssl.org/news/secadv_20110906.txt", - "refsource" : "CONFIRM", - "url" : "http://openssl.org/news/secadv_20110906.txt" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=736087", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=736087" - }, - { - "name" : "http://support.apple.com/kb/HT5784", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5784" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564" - }, - { - "name" : "APPLE-SA-2013-06-04-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" - }, - { - "name" : "FEDORA-2011-12233", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065744.html" - }, - { - "name" : "FEDORA-2011-12281", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065712.html" - }, - { - "name" : "FEDORA-2012-18035", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html" - }, - { - "name" : "HPSBMU02752", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=133226187115472&w=2" - }, - { - "name" : "SSRT100802", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=133226187115472&w=2" - }, - { - "name" : "MDVSA-2011:137", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:137" - }, - { - "name" : "RHSA-2011:1409", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-1409.html" - }, - { - "name" : "1026012", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026012" - }, - { - "name" : "45956", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45956" - }, - { - "name" : "57353", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57353" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "crypto/x509/x509_vfy.c in OpenSSL 1.0.x before 1.0.0e does not initialize certain structure members, which makes it easier for remote attackers to bypass CRL validation by using a nextUpdate value corresponding to a time in the past." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBMU02752", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=133226187115472&w=2" + }, + { + "name": "SSRT100802", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=133226187115472&w=2" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564" + }, + { + "name": "FEDORA-2012-18035", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html" + }, + { + "name": "FEDORA-2011-12233", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065744.html" + }, + { + "name": "http://cvs.openssl.org/chngview?cn=21349", + "refsource": "CONFIRM", + "url": "http://cvs.openssl.org/chngview?cn=21349" + }, + { + "name": "45956", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45956" + }, + { + "name": "MDVSA-2011:137", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:137" + }, + { + "name": "FEDORA-2011-12281", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065712.html" + }, + { + "name": "http://support.apple.com/kb/HT5784", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5784" + }, + { + "name": "APPLE-SA-2013-06-04-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=736087", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=736087" + }, + { + "name": "1026012", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026012" + }, + { + "name": "http://openssl.org/news/secadv_20110906.txt", + "refsource": "CONFIRM", + "url": "http://openssl.org/news/secadv_20110906.txt" + }, + { + "name": "57353", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57353" + }, + { + "name": "RHSA-2011:1409", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-1409.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3501.json b/2011/3xxx/CVE-2011-3501.json index 8a672aa2e9a..c708875323f 100644 --- a/2011/3xxx/CVE-2011-3501.json +++ b/2011/3xxx/CVE-2011-3501.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3501", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in Cogent DataHub 7.1.1.63 and earlier allows remote attackers to cause a denial of service (crash) via a negative or large Content-Length value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3501", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://aluigi.altervista.org/adv/cogent_3-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/cogent_3-adv.txt" - }, - { - "name" : "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-03.pdf", - "refsource" : "MISC", - "url" : "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-03.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in Cogent DataHub 7.1.1.63 and earlier allows remote attackers to cause a denial of service (crash) via a negative or large Content-Length value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://aluigi.altervista.org/adv/cogent_3-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/cogent_3-adv.txt" + }, + { + "name": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-03.pdf", + "refsource": "MISC", + "url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-03.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3662.json b/2011/3xxx/CVE-2011-3662.json index 10bae6ad36c..acda22b790d 100644 --- a/2011/3xxx/CVE-2011-3662.json +++ b/2011/3xxx/CVE-2011-3662.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3662", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3662", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3705.json b/2011/3xxx/CVE-2011-3705.json index a56885fda58..4118c500fc4 100644 --- a/2011/3xxx/CVE-2011-3705.json +++ b/2011/3xxx/CVE-2011-3705.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3705", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Arctic Fox CMS 0.9.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by acp/includes/edit.inc.php and certain other files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3705", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/06/27/6" - }, - { - "name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", - "refsource" : "MISC", - "url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" - }, - { - "name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/Arctic-Fox-CMS-v0.9.4", - "refsource" : "MISC", - "url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/Arctic-Fox-CMS-v0.9.4" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Arctic Fox CMS 0.9.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by acp/includes/edit.inc.php and certain other files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6" + }, + { + "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/Arctic-Fox-CMS-v0.9.4", + "refsource": "MISC", + "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/Arctic-Fox-CMS-v0.9.4" + }, + { + "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", + "refsource": "MISC", + "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3998.json b/2011/3xxx/CVE-2011-3998.json index 512388ff2fe..bbee9a35391 100644 --- a/2011/3xxx/CVE-2011-3998.json +++ b/2011/3xxx/CVE-2011-3998.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3998", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Apple WebObjects 5.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2011-3998", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "JVN#37223351", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN37223351/index.html" - }, - { - "name" : "JVNDB-2011-000097", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000097" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Apple WebObjects 5.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#37223351", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN37223351/index.html" + }, + { + "name": "JVNDB-2011-000097", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000097" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4045.json b/2011/4xxx/CVE-2011-4045.json index 547a96d5c98..72374e0ec3f 100644 --- a/2011/4xxx/CVE-2011-4045.json +++ b/2011/4xxx/CVE-2011-4045.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4045", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in an unspecified ActiveX control in aipgctl.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to cause a denial of service via a crafted HTML document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2011-4045", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-11-340-01.pdf", - "refsource" : "MISC", - "url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-11-340-01.pdf" - }, - { - "name" : "http://www.pcvuesolutions.com/index.php?option=com_content&view=article&id=244&Itemid=257", - "refsource" : "CONFIRM", - "url" : "http://www.pcvuesolutions.com/index.php?option=com_content&view=article&id=244&Itemid=257" - }, - { - "name" : "https://support.pcvuescada.com/index.php?option=com_k2&view=item&id=512&Itemid=440", - "refsource" : "CONFIRM", - "url" : "https://support.pcvuescada.com/index.php?option=com_k2&view=item&id=512&Itemid=440" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in an unspecified ActiveX control in aipgctl.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to cause a denial of service via a crafted HTML document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-340-01.pdf", + "refsource": "MISC", + "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-11-340-01.pdf" + }, + { + "name": "http://www.pcvuesolutions.com/index.php?option=com_content&view=article&id=244&Itemid=257", + "refsource": "CONFIRM", + "url": "http://www.pcvuesolutions.com/index.php?option=com_content&view=article&id=244&Itemid=257" + }, + { + "name": "https://support.pcvuescada.com/index.php?option=com_k2&view=item&id=512&Itemid=440", + "refsource": "CONFIRM", + "url": "https://support.pcvuescada.com/index.php?option=com_k2&view=item&id=512&Itemid=440" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4371.json b/2011/4xxx/CVE-2011-4371.json index a4bf7976d06..af57e68f268 100644 --- a/2011/4xxx/CVE-2011-4371.json +++ b/2011/4xxx/CVE-2011-4371.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4371", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2011-4371", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb12-01.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb12-01.html" - }, - { - "name" : "51351", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51351" - }, - { - "name" : "oval:org.mitre.oval:def:14809", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14809" - }, - { - "name" : "1026496", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026496" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.adobe.com/support/security/bulletins/apsb12-01.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb12-01.html" + }, + { + "name": "51351", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51351" + }, + { + "name": "oval:org.mitre.oval:def:14809", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14809" + }, + { + "name": "1026496", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026496" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4512.json b/2011/4xxx/CVE-2011-4512.json index e8a3293e60a..5516e43b8d9 100644 --- a/2011/4xxx/CVE-2011-4512.json +++ b/2011/4xxx/CVE-2011-4512.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4512", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CRLF injection vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2011-4512", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf", - "refsource" : "MISC", - "url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf" - }, - { - "name" : "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CRLF injection vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf", + "refsource": "CONFIRM", + "url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf" + }, + { + "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf", + "refsource": "MISC", + "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4789.json b/2011/4xxx/CVE-2011-4789.json index 8f44728fa49..e6c9900b060 100644 --- a/2011/4xxx/CVE-2011-4789.json +++ b/2011/4xxx/CVE-2011-4789.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4789", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in magentservice.exe in the server in HP LoadRunner 11.00 before patch 4 allows remote attackers to execute arbitrary code via a crafted size value in a packet. NOTE: it was originally reported that the affected product is HP Diagnostics Server, but HP states that \"the vulnerable product is actually HP LoadRunner.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2011-4789", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://zerodayinitiative.com/advisories/ZDI-12-016/", - "refsource" : "MISC", - "url" : "http://zerodayinitiative.com/advisories/ZDI-12-016/" - }, - { - "name" : "HPSBMU02785", - "refsource" : "HP", - "url" : "http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03216705" - }, - { - "name" : "SSRT100526", - "refsource" : "HP", - "url" : "http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03216705" - }, - { - "name" : "51398", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51398" - }, - { - "name" : "78309", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/78309" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in magentservice.exe in the server in HP LoadRunner 11.00 before patch 4 allows remote attackers to execute arbitrary code via a crafted size value in a packet. NOTE: it was originally reported that the affected product is HP Diagnostics Server, but HP states that \"the vulnerable product is actually HP LoadRunner.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "78309", + "refsource": "OSVDB", + "url": "http://osvdb.org/78309" + }, + { + "name": "http://zerodayinitiative.com/advisories/ZDI-12-016/", + "refsource": "MISC", + "url": "http://zerodayinitiative.com/advisories/ZDI-12-016/" + }, + { + "name": "51398", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51398" + }, + { + "name": "SSRT100526", + "refsource": "HP", + "url": "http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03216705" + }, + { + "name": "HPSBMU02785", + "refsource": "HP", + "url": "http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03216705" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4940.json b/2011/4xxx/CVE-2011-4940.json index 469c88167e3..dc2e8db2366 100644 --- a/2011/4xxx/CVE-2011-4940.json +++ b/2011/4xxx/CVE-2011-4940.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4940", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-Type HTTP header, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 via UTF-7 encoding." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-4940", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.python.org/issue11442", - "refsource" : "CONFIRM", - "url" : "http://bugs.python.org/issue11442" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=803500", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=803500" - }, - { - "name" : "USN-1596-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1596-1" - }, - { - "name" : "USN-1613-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1613-2" - }, - { - "name" : "USN-1592-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1592-1" - }, - { - "name" : "USN-1613-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1613-1" - }, - { - "name" : "JVN#51176027", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN51176027/index.html" - }, - { - "name" : "JVNDB-2012-000063", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000063" - }, - { - "name" : "54083", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/54083" - }, - { - "name" : "50858", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50858" - }, - { - "name" : "51024", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51024" - }, - { - "name" : "51040", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51040" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-Type HTTP header, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer 7 via UTF-7 encoding." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-1592-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1592-1" + }, + { + "name": "JVN#51176027", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN51176027/index.html" + }, + { + "name": "51040", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51040" + }, + { + "name": "50858", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50858" + }, + { + "name": "http://bugs.python.org/issue11442", + "refsource": "CONFIRM", + "url": "http://bugs.python.org/issue11442" + }, + { + "name": "54083", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/54083" + }, + { + "name": "USN-1596-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1596-1" + }, + { + "name": "USN-1613-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1613-2" + }, + { + "name": "JVNDB-2012-000063", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000063" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=803500", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=803500" + }, + { + "name": "51024", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51024" + }, + { + "name": "USN-1613-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1613-1" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5533.json b/2013/5xxx/CVE-2013-5533.json index 35fb1237c59..71b2b850509 100644 --- a/2013/5xxx/CVE-2013-5533.json +++ b/2013/5xxx/CVE-2013-5533.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5533", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The image-upgrade functionality on Cisco 9900 Unified IP phones allows local users to gain privileges by placing shell commands in an unspecified parameter, aka Bug ID CSCuh10334." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2013-5533", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20131010 Cisco Unified IP Phones 9900 Series Image Upgrade Command Injection Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5533" - }, - { - "name" : "62943", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/62943" - }, - { - "name" : "98337", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/98337" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The image-upgrade functionality on Cisco 9900 Unified IP phones allows local users to gain privileges by placing shell commands in an unspecified parameter, aka Bug ID CSCuh10334." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20131010 Cisco Unified IP Phones 9900 Series Image Upgrade Command Injection Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5533" + }, + { + "name": "62943", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/62943" + }, + { + "name": "98337", + "refsource": "OSVDB", + "url": "http://osvdb.org/98337" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5632.json b/2013/5xxx/CVE-2013-5632.json index 20c712a93b9..da50025d616 100644 --- a/2013/5xxx/CVE-2013-5632.json +++ b/2013/5xxx/CVE-2013-5632.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5632", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: A public posting on 20130831 referenced this ID for a specific issue, but that issue had not been assigned this ID by any CNA. Notes: The posting will later have IDs assigned in accordance with CVE content decisions." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-5632", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: A public posting on 20130831 referenced this ID for a specific issue, but that issue had not been assigned this ID by any CNA. Notes: The posting will later have IDs assigned in accordance with CVE content decisions." + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5855.json b/2013/5xxx/CVE-2013-5855.json index 64e9bda679d..d243a9d79fc 100644 --- a/2013/5xxx/CVE-2013-5855.json +++ b/2013/5xxx/CVE-2013-5855.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5855", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Oracle Mojarra 2.2.x before 2.2.6 and 2.1.x before 2.1.28 does not perform appropriate encoding when a (1) tag or (2) EL expression is used after a scriptor style block, which allows remote attackers to conduct cross-site scripting (XSS) attacks via application-specific vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-5855", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/534161/100/0/threaded" - }, - { - "name" : "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Dec/23" - }, - { - "name" : "http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/JSF-outputText-tag-the-good-the-bad-and-the-ugly/ba-p/6368011#.U8ccVPlXZHU", - "refsource" : "MISC", - "url" : "http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/JSF-outputText-tag-the-good-the-bad-and-the-ugly/ba-p/6368011#.U8ccVPlXZHU" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" - }, - { - "name" : "https://java.net/jira/browse/JAVASERVERFACES-3150", - "refsource" : "CONFIRM", - "url" : "https://java.net/jira/browse/JAVASERVERFACES-3150" - }, - { - "name" : "https://java.net/jira/browse/JAVASERVERFACES_SPEC_PUBLIC-1258", - "refsource" : "CONFIRM", - "url" : "https://java.net/jira/browse/JAVASERVERFACES_SPEC_PUBLIC-1258" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2014-0012.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2014-0012.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" - }, - { - "name" : "RHSA-2015:0675", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0675.html" - }, - { - "name" : "RHSA-2015:0720", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0720.html" - }, - { - "name" : "RHSA-2015:0765", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0765.html" - }, - { - "name" : "65600", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/65600" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Oracle Mojarra 2.2.x before 2.2.6 and 2.1.x before 2.1.28 does not perform appropriate encoding when a (1) tag or (2) EL expression is used after a scriptor style block, which allows remote attackers to conduct cross-site scripting (XSS) attacks via application-specific vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2015:0765", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0765.html" + }, + { + "name": "http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/JSF-outputText-tag-the-good-the-bad-and-the-ugly/ba-p/6368011#.U8ccVPlXZHU", + "refsource": "MISC", + "url": "http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/JSF-outputText-tag-the-good-the-bad-and-the-ugly/ba-p/6368011#.U8ccVPlXZHU" + }, + { + "name": "RHSA-2015:0675", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html" + }, + { + "name": "RHSA-2015:0720", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html" + }, + { + "name": "65600", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/65600" + }, + { + "name": "https://java.net/jira/browse/JAVASERVERFACES_SPEC_PUBLIC-1258", + "refsource": "CONFIRM", + "url": "https://java.net/jira/browse/JAVASERVERFACES_SPEC_PUBLIC-1258" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" + }, + { + "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" + }, + { + "name": "https://java.net/jira/browse/JAVASERVERFACES-3150", + "refsource": "CONFIRM", + "url": "https://java.net/jira/browse/JAVASERVERFACES-3150" + }, + { + "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Dec/23" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5970.json b/2013/5xxx/CVE-2013-5970.json index d66509c87ce..14b3f70fb30 100644 --- a/2013/5xxx/CVE-2013-5970.json +++ b/2013/5xxx/CVE-2013-5970.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5970", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "hostd-vmdb in VMware ESXi 4.0 through 5.0 and ESX 4.0 through 4.1 allows remote attackers to cause a denial of service (hostd-vmdb service outage) by modifying management traffic." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5970", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2013-0012.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2013-0012.html" - }, - { - "name" : "63216", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/63216" - }, - { - "name" : "98719", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/98719" - }, - { - "name" : "1029206", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029206" - }, - { - "name" : "vmware-esxi-cve20135970-dos(88135)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/88135" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "hostd-vmdb in VMware ESXi 4.0 through 5.0 and ESX 4.0 through 4.1 allows remote attackers to cause a denial of service (hostd-vmdb service outage) by modifying management traffic." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "vmware-esxi-cve20135970-dos(88135)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88135" + }, + { + "name": "63216", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/63216" + }, + { + "name": "1029206", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029206" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2013-0012.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2013-0012.html" + }, + { + "name": "98719", + "refsource": "OSVDB", + "url": "http://osvdb.org/98719" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2277.json b/2014/2xxx/CVE-2014-2277.json index aec94220189..1f35cfd5def 100644 --- a/2014/2xxx/CVE-2014-2277.json +++ b/2014/2xxx/CVE-2014-2277.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2277", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The make_temporary_filename function in perltidy 20120701-1 and earlier allows local users to obtain sensitive information or write to arbitrary files via a symlink attack, related to use of the tmpnam function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2277", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140308 Re: possible CVE requests: perltidy insecure temporary file usage", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/03/09/1" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1074720", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1074720" - }, - { - "name" : "FEDORA-2014-3874", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130479.html" - }, - { - "name" : "FEDORA-2014-3891", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130464.html" - }, - { - "name" : "66139", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/66139" - }, - { - "name" : "perltidy-cve20142277-symlink(92104)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/92104" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The make_temporary_filename function in perltidy 20120701-1 and earlier allows local users to obtain sensitive information or write to arbitrary files via a symlink attack, related to use of the tmpnam function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2014-3874", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130479.html" + }, + { + "name": "perltidy-cve20142277-symlink(92104)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92104" + }, + { + "name": "66139", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/66139" + }, + { + "name": "FEDORA-2014-3891", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130464.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1074720", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1074720" + }, + { + "name": "[oss-security] 20140308 Re: possible CVE requests: perltidy insecure temporary file usage", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/03/09/1" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2664.json b/2014/2xxx/CVE-2014-2664.json index 12705502e57..2c04b2438f5 100644 --- a/2014/2xxx/CVE-2014-2664.json +++ b/2014/2xxx/CVE-2014-2664.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2664", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unrestricted file upload vulnerability in the ProfileController::actionUploadPhoto method in protected/controllers/ProfileController.php in X2Engine X2CRM before 4.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2664", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://karmainsecurity.com/KIS-2014-04", - "refsource" : "MISC", - "url" : "http://karmainsecurity.com/KIS-2014-04" - }, - { - "name" : "https://secuniaresearch.flexerasoftware.com//secunia_research/2014-4", - "refsource" : "MISC", - "url" : "https://secuniaresearch.flexerasoftware.com//secunia_research/2014-4" - }, - { - "name" : "66506", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/66506/discuss" - }, - { - "name" : "57315", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57315" - }, - { - "name" : "x2crm-cve20142664-file-upload(92169)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/92169" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unrestricted file upload vulnerability in the ProfileController::actionUploadPhoto method in protected/controllers/ProfileController.php in X2Engine X2CRM before 4.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "x2crm-cve20142664-file-upload(92169)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/92169" + }, + { + "name": "57315", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57315" + }, + { + "name": "66506", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/66506/discuss" + }, + { + "name": "https://secuniaresearch.flexerasoftware.com//secunia_research/2014-4", + "refsource": "MISC", + "url": "https://secuniaresearch.flexerasoftware.com//secunia_research/2014-4" + }, + { + "name": "http://karmainsecurity.com/KIS-2014-04", + "refsource": "MISC", + "url": "http://karmainsecurity.com/KIS-2014-04" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2903.json b/2014/2xxx/CVE-2014-2903.json index b1c88db9f0a..c359609be90 100644 --- a/2014/2xxx/CVE-2014-2903.json +++ b/2014/2xxx/CVE-2014-2903.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2903", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CyaSSL does not check the key usage extension in leaf certificates, which allows remote attackers to spoof servers via a crafted server certificate not authorized for use in an SSL/TLS handshake." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2903", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140418 Re: CVE ids for CyaSSL 2.9.4?", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/04/18/2" - }, - { - "name" : "62604", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62604" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CyaSSL does not check the key usage extension in leaf certificates, which allows remote attackers to spoof servers via a crafted server certificate not authorized for use in an SSL/TLS handshake." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "62604", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62604" + }, + { + "name": "[oss-security] 20140418 Re: CVE ids for CyaSSL 2.9.4?", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/04/18/2" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2946.json b/2014/2xxx/CVE-2014-2946.json index ddd4ac380be..9017ffa1803 100644 --- a/2014/2xxx/CVE-2014-2946.json +++ b/2014/2xxx/CVE-2014-2946.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2946", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in api/sms/send-sms in the Web UI 11.010.06.01.858 on Huawei E303 modems with software 22.157.18.00.858 allows remote attackers to hijack the authentication of administrators for requests that perform API operations and send SMS messages via a request element in an XML document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-2946", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://b.fl7.de/2014/05/huawei-e303-sms-vulnerability-CVE-2014-2946.html", - "refsource" : "MISC", - "url" : "http://b.fl7.de/2014/05/huawei-e303-sms-vulnerability-CVE-2014-2946.html" - }, - { - "name" : "VU#325636", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/325636" - }, - { - "name" : "58992", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/58992" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in api/sms/send-sms in the Web UI 11.010.06.01.858 on Huawei E303 modems with software 22.157.18.00.858 allows remote attackers to hijack the authentication of administrators for requests that perform API operations and send SMS messages via a request element in an XML document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#325636", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/325636" + }, + { + "name": "http://b.fl7.de/2014/05/huawei-e303-sms-vulnerability-CVE-2014-2946.html", + "refsource": "MISC", + "url": "http://b.fl7.de/2014/05/huawei-e303-sms-vulnerability-CVE-2014-2946.html" + }, + { + "name": "58992", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/58992" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6010.json b/2014/6xxx/CVE-2014-6010.json index bda86de609c..4dd2715fc39 100644 --- a/2014/6xxx/CVE-2014-6010.json +++ b/2014/6xxx/CVE-2014-6010.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6010", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Rasta Weed Widgets HD (aka aw.awesomewidgets.rastaweed) application 4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6010", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#958169", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/958169" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Rasta Weed Widgets HD (aka aw.awesomewidgets.rastaweed) application 4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#958169", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/958169" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6372.json b/2014/6xxx/CVE-2014-6372.json index a67ad1c1501..02f118d4261 100644 --- a/2014/6xxx/CVE-2014-6372.json +++ b/2014/6xxx/CVE-2014-6372.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6372", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-6372", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7457.json b/2014/7xxx/CVE-2014-7457.json index 8854c2b38a4..7f7c6631f14 100644 --- a/2014/7xxx/CVE-2014-7457.json +++ b/2014/7xxx/CVE-2014-7457.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7457", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Electronics For You (aka com.magzter.electronicsforyou) application 3.02 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7457", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#382737", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/382737" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Electronics For You (aka com.magzter.electronicsforyou) application 3.02 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#382737", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/382737" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7575.json b/2014/7xxx/CVE-2014-7575.json index f3c4414cff3..77da51495a8 100644 --- a/2014/7xxx/CVE-2014-7575.json +++ b/2014/7xxx/CVE-2014-7575.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7575", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The eBiblio Andalucia (aka com.bqreaders.reader.ebiblioandalucia) application 1.6.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7575", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#223017", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/223017" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The eBiblio Andalucia (aka com.bqreaders.reader.ebiblioandalucia) application 1.6.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#223017", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/223017" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0066.json b/2017/0xxx/CVE-2017-0066.json index 730c54958e5..3d29228f20c 100644 --- a/2017/0xxx/CVE-2017-0066.json +++ b/2017/0xxx/CVE-2017-0066.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-0066", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Edge", - "version" : { - "version_data" : [ - { - "version_value" : "Edge" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Edge allows remote attackers to bypass the Same Origin Policy for HTML elements in other browser windows, aka \"Microsoft Edge Security Feature Bypass Vulnerability.\" This vulnerability is different from those described in CVE-2017-0135 and CVE-2017-0140." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Security Feature Bypass" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-0066", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Edge", + "version": { + "version_data": [ + { + "version_value": "Edge" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0066", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0066" - }, - { - "name" : "96655", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96655" - }, - { - "name" : "1038006", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038006" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Edge allows remote attackers to bypass the Same Origin Policy for HTML elements in other browser windows, aka \"Microsoft Edge Security Feature Bypass Vulnerability.\" This vulnerability is different from those described in CVE-2017-0135 and CVE-2017-0140." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Security Feature Bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0066", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0066" + }, + { + "name": "1038006", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038006" + }, + { + "name": "96655", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96655" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0165.json b/2017/0xxx/CVE-2017-0165.json index 660faa99923..980f5097ae9 100644 --- a/2017/0xxx/CVE-2017-0165.json +++ b/2017/0xxx/CVE-2017-0165.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-0165", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 10, Windows 10 1511, Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability exists when Microsoft Windows running on Windows 10, Windows 10 1511, Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 fails to properly sanitize handles in memory, aka \"Windows Elevation of Privilege Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-0165", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "Windows 10, Windows 10 1511, Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "41901", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/41901/" - }, - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0165", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0165" - }, - { - "name" : "97467", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97467" - }, - { - "name" : "1038239", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038239" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when Microsoft Windows running on Windows 10, Windows 10 1511, Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 fails to properly sanitize handles in memory, aka \"Windows Elevation of Privilege Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "41901", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/41901/" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0165", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0165" + }, + { + "name": "1038239", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038239" + }, + { + "name": "97467", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97467" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0232.json b/2017/0xxx/CVE-2017-0232.json index 26f9197947a..85f22f7ba5a 100644 --- a/2017/0xxx/CVE-2017-0232.json +++ b/2017/0xxx/CVE-2017-0232.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-0232", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-0232", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0540.json b/2017/0xxx/CVE-2017-0540.json index 2954fcf05e1..42ad3df23ea 100644 --- a/2017/0xxx/CVE-2017-0540.json +++ b/2017/0xxx/CVE-2017-0540.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-0540", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android-5.0.2" - }, - { - "version_value" : "Android-5.1.1" - }, - { - "version_value" : "Android-6.0" - }, - { - "version_value" : "Android-6.0.1" - }, - { - "version_value" : "Android-7.0" - }, - { - "version_value" : "Android-7.1.1" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33966031." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote code execution" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2017-0540", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-5.0.2" + }, + { + "version_value": "Android-5.1.1" + }, + { + "version_value": "Android-6.0" + }, + { + "version_value": "Android-6.0.1" + }, + { + "version_value": "Android-7.0" + }, + { + "version_value": "Android-7.1.1" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://android.googlesource.com/platform/external/libhevc/+/01ca88bb6c5bdd44e071f8effebe12f1d7da9853", - "refsource" : "CONFIRM", - "url" : "https://android.googlesource.com/platform/external/libhevc/+/01ca88bb6c5bdd44e071f8effebe12f1d7da9853" - }, - { - "name" : "https://source.android.com/security/bulletin/2017-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-04-01" - }, - { - "name" : "https://source.android.com/security/bulletin/2017-07-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-07-01" - }, - { - "name" : "97330", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97330" - }, - { - "name" : "1038201", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038201" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33966031." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-04-01" + }, + { + "name": "https://source.android.com/security/bulletin/2017-07-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-07-01" + }, + { + "name": "https://android.googlesource.com/platform/external/libhevc/+/01ca88bb6c5bdd44e071f8effebe12f1d7da9853", + "refsource": "CONFIRM", + "url": "https://android.googlesource.com/platform/external/libhevc/+/01ca88bb6c5bdd44e071f8effebe12f1d7da9853" + }, + { + "name": "97330", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97330" + }, + { + "name": "1038201", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038201" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0955.json b/2017/0xxx/CVE-2017-0955.json index 0ad403d1886..d75e2db18ae 100644 --- a/2017/0xxx/CVE-2017-0955.json +++ b/2017/0xxx/CVE-2017-0955.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-0955", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-0955", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000107.json b/2017/1000xxx/CVE-2017-1000107.json index d07e3faf576..7e0a8c6a882 100644 --- a/2017/1000xxx/CVE-2017-1000107.json +++ b/2017/1000xxx/CVE-2017-1000107.json @@ -1,64 +1,64 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-08-22T17:29:33.321581", - "ID" : "CVE-2017-1000107", - "REQUESTER" : "ml@beckweb.net", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Jenkins Script Security Plugin", - "version" : { - "version_data" : [ - { - "version_value" : "1.30 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Jenkins Script Security Plugin" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Script Security Plugin did not apply sandboxing restrictions to constructor invocations via positional arguments list, super constructor invocations, method references, and type coercion expressions. This could be used to invoke arbitrary constructors and methods, bypassing sandbox protection." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Sandbox Bypass" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-08-22T17:29:33.321581", + "ID": "CVE-2017-1000107", + "REQUESTER": "ml@beckweb.net", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jenkins.io/security/advisory/2017-08-07/", - "refsource" : "CONFIRM", - "url" : "https://jenkins.io/security/advisory/2017-08-07/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Script Security Plugin did not apply sandboxing restrictions to constructor invocations via positional arguments list, super constructor invocations, method references, and type coercion expressions. This could be used to invoke arbitrary constructors and methods, bypassing sandbox protection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2017-08-07/", + "refsource": "CONFIRM", + "url": "https://jenkins.io/security/advisory/2017-08-07/" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000156.json b/2017/1000xxx/CVE-2017-1000156.json index 59befb0edae..ac6acc3dcc8 100644 --- a/2017/1000xxx/CVE-2017-1000156.json +++ b/2017/1000xxx/CVE-2017-1000156.json @@ -1,64 +1,64 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-08-22T17:29:33.368829", - "ID" : "CVE-2017-1000156", - "REQUESTER" : "info@mahara.org", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Mahara", - "version" : { - "version_data" : [ - { - "version_value" : "<15.04.9, <15.10.5, <16.04.3" - } - ] - } - } - ] - }, - "vendor_name" : "Mahara" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mahara 15.04 before 15.04.9 and 15.10 before 15.10.5 and 16.04 before 16.04.3 are vulnerable to a group's configuration page being editable by any group member even when they didn't have the admin role." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Incorrect Access Control" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-08-22T17:29:33.368829", + "ID": "CVE-2017-1000156", + "REQUESTER": "info@mahara.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.launchpad.net/mahara/+bug/1609200", - "refsource" : "MISC", - "url" : "https://bugs.launchpad.net/mahara/+bug/1609200" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mahara 15.04 before 15.04.9 and 15.10 before 15.10.5 and 16.04 before 16.04.3 are vulnerable to a group's configuration page being editable by any group member even when they didn't have the admin role." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.launchpad.net/mahara/+bug/1609200", + "refsource": "MISC", + "url": "https://bugs.launchpad.net/mahara/+bug/1609200" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18138.json b/2017/18xxx/CVE-2017-18138.json index c0991a77f39..d62a2ada86d 100644 --- a/2017/18xxx/CVE-2017-18138.json +++ b/2017/18xxx/CVE-2017-18138.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-04-02T00:00:00", - "ID" : "CVE-2017-18138", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Mobile, Snapdragon Wear", - "version" : { - "version_data" : [ - { - "version_value" : "MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, in GERAN, a buffer overflow may potentially occur." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Buffer Copy without Checking Size of Input in GERAN" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-04-02T00:00:00", + "ID": "CVE-2017-18138", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Mobile, Snapdragon Wear", + "version": { + "version_data": [ + { + "version_value": "MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-04-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-04-01" - }, - { - "name" : "103671", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103671" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, in GERAN, a buffer overflow may potentially occur." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Copy without Checking Size of Input in GERAN" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2018-04-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-04-01" + }, + { + "name": "103671", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103671" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18294.json b/2017/18xxx/CVE-2017-18294.json index 9387f6a11fe..d29338f441a 100644 --- a/2017/18xxx/CVE-2017-18294.json +++ b/2017/18xxx/CVE-2017-18294.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "ID" : "CVE-2017-18294", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear", - "version" : { - "version_data" : [ - { - "version_value" : "FSM9055, MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDA660, SDX20" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "While reading file class type from ELF header, a buffer overread may happen if the ELF file size is less than the size of ELF64 header size in Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version FSM9055, MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDA660, SDX20." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Input Validation in QSEECOM Driver" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2017-18294", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear", + "version": { + "version_data": [ + { + "version_value": "FSM9055, MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDA660, SDX20" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components" - }, - { - "name" : "https://www.qualcomm.com/company/product-security/bulletins", - "refsource" : "CONFIRM", - "url" : "https://www.qualcomm.com/company/product-security/bulletins" - }, - { - "name" : "1041432", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041432" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "While reading file class type from ELF header, a buffer overread may happen if the ELF file size is less than the size of ELF64 header size in Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version FSM9055, MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDA660, SDX20." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Input Validation in QSEECOM Driver" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qualcomm.com/company/product-security/bulletins", + "refsource": "CONFIRM", + "url": "https://www.qualcomm.com/company/product-security/bulletins" + }, + { + "name": "1041432", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041432" + }, + { + "name": "https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1243.json b/2017/1xxx/CVE-2017-1243.json index d305e54d88c..54d165c30f5 100644 --- a/2017/1xxx/CVE-2017-1243.json +++ b/2017/1xxx/CVE-2017-1243.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1243", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1243", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1373.json b/2017/1xxx/CVE-2017-1373.json index e58d7af4dc6..4b6e67216d7 100644 --- a/2017/1xxx/CVE-2017-1373.json +++ b/2017/1xxx/CVE-2017-1373.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2017-07-17T00:00:00", - "ID" : "CVE-2017-1373", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "TRIRIGA Application Platform", - "version" : { - "version_data" : [ - { - "version_value" : "3.3" - }, - { - "version_value" : "3.3.1" - }, - { - "version_value" : "3.3.2" - }, - { - "version_value" : "3.4" - }, - { - "version_value" : "3.4.1" - }, - { - "version_value" : "3.4.2" - }, - { - "version_value" : "3.5" - }, - { - "version_value" : "3.5.1" - }, - { - "version_value" : "3.5.2" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Reports executed in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 contains a vulnerability that could allow an authenticated user to execute a report they do not have access to. IBM X-Force ID: 126866." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Privileges" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2017-07-17T00:00:00", + "ID": "CVE-2017-1373", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "TRIRIGA Application Platform", + "version": { + "version_data": [ + { + "version_value": "3.3" + }, + { + "version_value": "3.3.1" + }, + { + "version_value": "3.3.2" + }, + { + "version_value": "3.4" + }, + { + "version_value": "3.4.1" + }, + { + "version_value": "3.4.2" + }, + { + "version_value": "3.5" + }, + { + "version_value": "3.5.1" + }, + { + "version_value": "3.5.2" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/126866", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/126866" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22004677", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22004677" - }, - { - "name" : "99908", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99908" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Reports executed in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 contains a vulnerability that could allow an authenticated user to execute a report they do not have access to. IBM X-Force ID: 126866." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Gain Privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99908", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99908" + }, + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126866", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/126866" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22004677", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22004677" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1466.json b/2017/1xxx/CVE-2017-1466.json index b88cc29bf95..ec45e94fc9d 100644 --- a/2017/1xxx/CVE-2017-1466.json +++ b/2017/1xxx/CVE-2017-1466.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1466", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1466", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1603.json b/2017/1xxx/CVE-2017-1603.json index f36fe47b492..ff69f737f7c 100644 --- a/2017/1xxx/CVE-2017-1603.json +++ b/2017/1xxx/CVE-2017-1603.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1603", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1603", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1679.json b/2017/1xxx/CVE-2017-1679.json index 060b81c97ed..31f4de16aac 100644 --- a/2017/1xxx/CVE-2017-1679.json +++ b/2017/1xxx/CVE-2017-1679.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-09-06T00:00:00", - "ID" : "CVE-2017-1679", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "OpenPages GRC Platform", - "version" : { - "version_data" : [ - { - "version_value" : "7.2" - }, - { - "version_value" : "7.3" - }, - { - "version_value" : "7.4" - }, - { - "version_value" : "8.0" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM OpenPages GRC Platform 7.2, 7.3, 7.4, and 8.0 could allow an attacker to obtain sensitive information from error log files. IBM X-Force ID: 134001." - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "N", - "AC" : "L", - "AV" : "L", - "C" : "H", - "I" : "N", - "PR" : "N", - "S" : "U", - "SCORE" : "6.200", - "UI" : "N" - }, - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-09-06T00:00:00", + "ID": "CVE-2017-1679", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "OpenPages GRC Platform", + "version": { + "version_data": [ + { + "version_value": "7.2" + }, + { + "version_value": "7.3" + }, + { + "version_value": "7.4" + }, + { + "version_value": "8.0" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10728737", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10728737" - }, - { - "name" : "ibm-openpages-cve20171679-info-disc(134001)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/134001" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM OpenPages GRC Platform 7.2, 7.3, 7.4, and 8.0 could allow an attacker to obtain sensitive information from error log files. IBM X-Force ID: 134001." + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "N", + "AC": "L", + "AV": "L", + "C": "H", + "I": "N", + "PR": "N", + "S": "U", + "SCORE": "6.200", + "UI": "N" + }, + "TM": { + "E": "U", + "RC": "C", + "RL": "O" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.ibm.com/support/docview.wss?uid=ibm10728737", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/docview.wss?uid=ibm10728737" + }, + { + "name": "ibm-openpages-cve20171679-info-disc(134001)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/134001" + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4954.json b/2017/4xxx/CVE-2017-4954.json index 5edfc012eb4..35416bae55c 100644 --- a/2017/4xxx/CVE-2017-4954.json +++ b/2017/4xxx/CVE-2017-4954.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4954", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-4954", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5336.json b/2017/5xxx/CVE-2017-5336.json index 79212460a32..d34fd4f90d6 100644 --- a/2017/5xxx/CVE-2017-5336.json +++ b/2017/5xxx/CVE-2017-5336.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5336", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the cdk_pk_get_keyid function in lib/opencdk/pubkey.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via a crafted OpenPGP certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2017-5336", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20170110 CVE request: two advisories for GnuTLS GNUTLS-SA-2017-1, GNUTLS-SA-2017-2, fixed in 3.3.26, 3.5.8", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/01/10/7" - }, - { - "name" : "[oss-security] 20170110 Re: CVE request: two advisories for GnuTLS GNUTLS-SA-2017-1, GNUTLS-SA-2017-2, fixed in 3.3.26, 3.5.8", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/01/11/4" - }, - { - "name" : "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=340", - "refsource" : "MISC", - "url" : "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=340" - }, - { - "name" : "https://gitlab.com/gnutls/gnutls/commit/5140422e0d7319a8e2fe07f02cbcafc4d6538732", - "refsource" : "CONFIRM", - "url" : "https://gitlab.com/gnutls/gnutls/commit/5140422e0d7319a8e2fe07f02cbcafc4d6538732" - }, - { - "name" : "https://gnutls.org/security.html#GNUTLS-SA-2017-2", - "refsource" : "CONFIRM", - "url" : "https://gnutls.org/security.html#GNUTLS-SA-2017-2" - }, - { - "name" : "GLSA-201702-04", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201702-04" - }, - { - "name" : "RHSA-2017:0574", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0574.html" - }, - { - "name" : "RHSA-2017:2292", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2292" - }, - { - "name" : "openSUSE-SU-2017:0386", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00005.html" - }, - { - "name" : "95377", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95377" - }, - { - "name" : "1037576", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037576" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the cdk_pk_get_keyid function in lib/opencdk/pubkey.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via a crafted OpenPGP certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitlab.com/gnutls/gnutls/commit/5140422e0d7319a8e2fe07f02cbcafc4d6538732", + "refsource": "CONFIRM", + "url": "https://gitlab.com/gnutls/gnutls/commit/5140422e0d7319a8e2fe07f02cbcafc4d6538732" + }, + { + "name": "95377", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95377" + }, + { + "name": "[oss-security] 20170110 CVE request: two advisories for GnuTLS GNUTLS-SA-2017-1, GNUTLS-SA-2017-2, fixed in 3.3.26, 3.5.8", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/01/10/7" + }, + { + "name": "RHSA-2017:2292", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2292" + }, + { + "name": "1037576", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037576" + }, + { + "name": "[oss-security] 20170110 Re: CVE request: two advisories for GnuTLS GNUTLS-SA-2017-1, GNUTLS-SA-2017-2, fixed in 3.3.26, 3.5.8", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/01/11/4" + }, + { + "name": "openSUSE-SU-2017:0386", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00005.html" + }, + { + "name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=340", + "refsource": "MISC", + "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=340" + }, + { + "name": "RHSA-2017:0574", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0574.html" + }, + { + "name": "GLSA-201702-04", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201702-04" + }, + { + "name": "https://gnutls.org/security.html#GNUTLS-SA-2017-2", + "refsource": "CONFIRM", + "url": "https://gnutls.org/security.html#GNUTLS-SA-2017-2" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5517.json b/2017/5xxx/CVE-2017-5517.json index b6b4dc30dc7..d60c6e2fbd8 100644 --- a/2017/5xxx/CVE-2017-5517.json +++ b/2017/5xxx/CVE-2017-5517.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5517", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in author.control.php in GeniXCMS through 0.0.8 allows remote attackers to execute arbitrary SQL commands via the type parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5517", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/semplon/GeniXCMS/issues/66", - "refsource" : "CONFIRM", - "url" : "https://github.com/semplon/GeniXCMS/issues/66" - }, - { - "name" : "95455", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95455" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in author.control.php in GeniXCMS through 0.0.8 allows remote attackers to execute arbitrary SQL commands via the type parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/semplon/GeniXCMS/issues/66", + "refsource": "CONFIRM", + "url": "https://github.com/semplon/GeniXCMS/issues/66" + }, + { + "name": "95455", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95455" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5949.json b/2017/5xxx/CVE-2017-5949.json index 2a5cf017815..d703b515172 100644 --- a/2017/5xxx/CVE-2017-5949.json +++ b/2017/5xxx/CVE-2017-5949.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5949", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 22, allows remote attackers to cause a denial of service (heap-based out-of-bounds write and application crash) or possibly have unspecified other impact via crafted JavaScript code that triggers access to red-zone memory locations, related to jit/ThunkGenerators.cpp, llint/LowLevelInterpreter32_64.asm, and llint/LowLevelInterpreter64.asm." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5949", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.webkit.org/show_bug.cgi?id=167239", - "refsource" : "CONFIRM", - "url" : "https://bugs.webkit.org/show_bug.cgi?id=167239" - }, - { - "name" : "https://trac.webkit.org/changeset/211479", - "refsource" : "CONFIRM", - "url" : "https://trac.webkit.org/changeset/211479" - }, - { - "name" : "97298", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97298" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 22, allows remote attackers to cause a denial of service (heap-based out-of-bounds write and application crash) or possibly have unspecified other impact via crafted JavaScript code that triggers access to red-zone memory locations, related to jit/ThunkGenerators.cpp, llint/LowLevelInterpreter32_64.asm, and llint/LowLevelInterpreter64.asm." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "97298", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97298" + }, + { + "name": "https://trac.webkit.org/changeset/211479", + "refsource": "CONFIRM", + "url": "https://trac.webkit.org/changeset/211479" + }, + { + "name": "https://bugs.webkit.org/show_bug.cgi?id=167239", + "refsource": "CONFIRM", + "url": "https://bugs.webkit.org/show_bug.cgi?id=167239" + } + ] + } +} \ No newline at end of file