From b57952ab348b7fbc363a56db47f384e1e5051169 Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Sun, 17 Mar 2019 23:39:45 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2006/0xxx/CVE-2006-0890.json | 170 +++++++--------
2006/3xxx/CVE-2006-3275.json | 160 +++++++-------
2006/3xxx/CVE-2006-3549.json | 240 ++++++++++---------
2006/4xxx/CVE-2006-4212.json | 170 +++++++--------
2006/4xxx/CVE-2006-4501.json | 150 ++++++-------
2006/6xxx/CVE-2006-6258.json | 180 ++++++++--------
2006/6xxx/CVE-2006-6611.json | 160 +++++++-------
2006/6xxx/CVE-2006-6783.json | 180 ++++++++--------
2006/6xxx/CVE-2006-6784.json | 140 ++++++-------
2010/2xxx/CVE-2010-2061.json | 34 +--
2010/2xxx/CVE-2010-2234.json | 150 ++++++-------
2010/2xxx/CVE-2010-2733.json | 140 ++++++-------
2010/2xxx/CVE-2010-2757.json | 220 ++++++++++----------
2010/3xxx/CVE-2010-3889.json | 170 +++++++--------
2011/0xxx/CVE-2011-0447.json | 230 ++++++++++----------
2011/0xxx/CVE-2011-0535.json | 200 +++++++++--------
2011/0xxx/CVE-2011-0873.json | 370 ++++++++++++++++-----------------
2011/1xxx/CVE-2011-1134.json | 34 +--
2011/1xxx/CVE-2011-1386.json | 160 +++++++-------
2011/4xxx/CVE-2011-4800.json | 150 ++++++-------
2011/5xxx/CVE-2011-5125.json | 120 +++++------
2011/5xxx/CVE-2011-5146.json | 160 +++++++-------
2014/2xxx/CVE-2014-2513.json | 150 ++++++-------
2014/3xxx/CVE-2014-3286.json | 140 ++++++-------
2014/3xxx/CVE-2014-3883.json | 140 ++++++-------
2014/6xxx/CVE-2014-6627.json | 130 ++++++------
2014/6xxx/CVE-2014-6628.json | 120 +++++------
2014/6xxx/CVE-2014-6672.json | 140 ++++++-------
2014/6xxx/CVE-2014-6952.json | 140 ++++++-------
2014/7xxx/CVE-2014-7078.json | 140 ++++++-------
2014/7xxx/CVE-2014-7572.json | 140 ++++++-------
2014/7xxx/CVE-2014-7624.json | 140 ++++++-------
2014/7xxx/CVE-2014-7881.json | 140 ++++++-------
2014/7xxx/CVE-2014-7945.json | 210 +++++++++----------
2016/2xxx/CVE-2016-2199.json | 120 +++++------
2016/2xxx/CVE-2016-2504.json | 130 ++++++------
2016/2xxx/CVE-2016-2718.json | 34 +--
2016/2xxx/CVE-2016-2907.json | 34 +--
2017/18xxx/CVE-2017-18055.json | 132 ++++++------
2017/18xxx/CVE-2017-18204.json | 220 ++++++++++----------
2017/1xxx/CVE-2017-1156.json | 140 ++++++-------
2017/1xxx/CVE-2017-1585.json | 34 +--
2017/1xxx/CVE-2017-1594.json | 34 +--
2017/1xxx/CVE-2017-1958.json | 34 +--
2017/5xxx/CVE-2017-5459.json | 274 ++++++++++++------------
2017/5xxx/CVE-2017-5518.json | 130 ++++++------
2017/5xxx/CVE-2017-5655.json | 136 ++++++------
2017/5xxx/CVE-2017-5986.json | 190 ++++++++---------
48 files changed, 3530 insertions(+), 3530 deletions(-)
diff --git a/2006/0xxx/CVE-2006-0890.json b/2006/0xxx/CVE-2006-0890.json
index 33bafd21f92..a00d396b556 100644
--- a/2006/0xxx/CVE-2006-0890.json
+++ b/2006/0xxx/CVE-2006-0890.json
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0890", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in SpeedProject Squeez 5.1, as used in (1) ZipStar 5.1 and (2) SpeedCommander 11.01.4450, allows remote attackers to overwrite arbitrary files via unspecified manipulations in a (1) JAR or (2) ZIP archive." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0890", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060224 SpeedCommander 11.0 & ZipStar 5.1 & Squeez 5.1 Directory traversal", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/425973/100/0/threaded" - }, - { - "name" : "16807", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16807" - }, - { - "name" : "ADV-2006-0731", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0731" - }, - { - "name" : "23465", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/23465" - }, - { - "name" : "19006", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19006" - }, - { - "name" : "speedproject-zip-jar-directory-traversal(24909)", - "refsource" : 
"XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24909" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in SpeedProject Squeez 5.1, as used in (1) ZipStar 5.1 and (2) SpeedCommander 11.01.4450, allows remote attackers to overwrite arbitrary files via unspecified manipulations in a (1) JAR or (2) ZIP archive." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16807", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16807" + }, + { + "name": "19006", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19006" + }, + { + "name": "speedproject-zip-jar-directory-traversal(24909)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24909" + }, + { + "name": "ADV-2006-0731", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0731" + }, + { + "name": "20060224 SpeedCommander 11.0 & ZipStar 5.1 & Squeez 5.1 Directory traversal", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/425973/100/0/threaded" + }, + { + "name": "23465", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/23465" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3275.json b/2006/3xxx/CVE-2006-3275.json index 9c7d2adc3a2..032971a5b63 100644 --- a/2006/3xxx/CVE-2006-3275.json +++ b/2006/3xxx/CVE-2006-3275.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3275", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in profile.php in YaBB SE 1.5.5 and earlier allows remote attackers to execute SQL commands via a double-encoded user parameter in a viewprofile action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3275", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060623 NDSD-06-001", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=115102378824221&w=2" - }, - { - "name" : "18625", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18625" - }, - { - "name" : "ADV-2006-2504", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2504" - }, - { - "name" : "20780", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20780" - }, - { - "name" : "yabb-profile-sql-injection(27331)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27331" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "SQL injection vulnerability in profile.php in YaBB SE 1.5.5 and earlier allows remote attackers to execute SQL commands via a double-encoded user parameter in a viewprofile action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-2504", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2504" + }, + { + "name": "20060623 NDSD-06-001", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=115102378824221&w=2" + }, + { + "name": "yabb-profile-sql-injection(27331)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27331" + }, + { + "name": "20780", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20780" + }, + { + "name": "18625", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18625" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3549.json b/2006/3xxx/CVE-2006-3549.json index 5ed1e4aebc2..77af4b31a92 100644 --- a/2006/3xxx/CVE-2006-3549.json +++ b/2006/3xxx/CVE-2006-3549.json 
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3549", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "services/go.php in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 does not properly restrict its image proxy capability, which allows remote attackers to perform \"Web tunneling\" attacks and use the server as a proxy via (1) http, (2) https, and (3) ftp URL in the url parameter, which is requested from the server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3549", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060705 Public Advisory: Horde 3.1.1, 3.0.10 Multiple Security Issues", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/439255/100/0/threaded" - }, - { - "name" : "http://moritz-naumann.com/adv/0011/hordemulti/0011.txt", - "refsource" : "MISC", - "url" : "http://moritz-naumann.com/adv/0011/hordemulti/0011.txt" - }, - { - "name" : "http://lists.horde.org/archives/announce/2006/000287.html", - "refsource" : "CONFIRM", - "url" : "http://lists.horde.org/archives/announce/2006/000287.html" - }, - { - "name" : 
"http://lists.horde.org/archives/announce/2006/000288.html", - "refsource" : "CONFIRM", - "url" : "http://lists.horde.org/archives/announce/2006/000288.html" - }, - { - "name" : "DSA-1406", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2007/dsa-1406" - }, - { - "name" : "SUSE-SR:2006:019", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_19_sr.html" - }, - { - "name" : "18845", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18845" - }, - { - "name" : "ADV-2006-2694", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2694" - }, - { - "name" : "1016442", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016442" - }, - { - "name" : "20954", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20954" - }, - { - "name" : "21459", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21459" - }, - { - "name" : "27565", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/27565" - }, - { - "name" : "1229", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1229" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "services/go.php in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 does not properly restrict its image proxy capability, which allows remote attackers to perform \"Web tunneling\" attacks and use the server as a proxy via (1) http, (2) https, and (3) ftp URL in the url parameter, which is requested from the server." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://lists.horde.org/archives/announce/2006/000287.html", + "refsource": "CONFIRM", + "url": "http://lists.horde.org/archives/announce/2006/000287.html" + }, + { + "name": "18845", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18845" + }, + { + "name": "ADV-2006-2694", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2694" + }, + { + "name": "21459", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21459" + }, + { + "name": "SUSE-SR:2006:019", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_19_sr.html" + }, + { + "name": "27565", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/27565" + }, + { + "name": "1016442", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016442" + }, + { + "name": "http://lists.horde.org/archives/announce/2006/000288.html", + "refsource": "CONFIRM", + "url": "http://lists.horde.org/archives/announce/2006/000288.html" + }, + { + "name": "1229", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1229" + }, + { + "name": "http://moritz-naumann.com/adv/0011/hordemulti/0011.txt", + "refsource": "MISC", + "url": "http://moritz-naumann.com/adv/0011/hordemulti/0011.txt" + }, + { + "name": "DSA-1406", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2007/dsa-1406" + }, + { + "name": "20954", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20954" + }, + { + "name": "20060705 Public Advisory: Horde 3.1.1, 3.0.10 Multiple Security Issues", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/439255/100/0/threaded" + } + ] + } +} \ No newline at end of file 
diff --git a/2006/4xxx/CVE-2006-4212.json b/2006/4xxx/CVE-2006-4212.json index 7cae4b9cdf6..49849483e5f 100644 --- a/2006/4xxx/CVE-2006-4212.json +++ b/2006/4xxx/CVE-2006-4212.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4212", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in b0zz and Chris Vincent Owl Intranet Engine 0.90 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4212", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/tracker/index.php?func=detail&aid=1540643&group_id=9444&atid=309444", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/tracker/index.php?func=detail&aid=1540643&group_id=9444&atid=309444" - }, - { - "name" : "JVN#39103264", - "refsource" : "JVN", - "url" : "http://jvn.jp/jp/JVN%2339103264/index.html" - }, - { - "name" : "19552", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19552" - }, - { - "name" : "ADV-2006-3285", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3285" - }, - { - "name" : "21519", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21519" - }, - { - "name" : "owlik-unspecified-sql-injection(28404)", - "refsource" : "XF", - 
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28404" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in b0zz and Chris Vincent Owl Intranet Engine 0.90 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#39103264", + "refsource": "JVN", + "url": "http://jvn.jp/jp/JVN%2339103264/index.html" + }, + { + "name": "owlik-unspecified-sql-injection(28404)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28404" + }, + { + "name": "http://sourceforge.net/tracker/index.php?func=detail&aid=1540643&group_id=9444&atid=309444", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/tracker/index.php?func=detail&aid=1540643&group_id=9444&atid=309444" + }, + { + "name": "ADV-2006-3285", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3285" + }, + { + "name": "21519", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21519" + }, + { + "name": "19552", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19552" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4501.json b/2006/4xxx/CVE-2006-4501.json index e9488b1c197..51424492032 100644 --- a/2006/4xxx/CVE-2006-4501.json +++ b/2006/4xxx/CVE-2006-4501.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4501", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in ezPortal/ztml CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) about, (2) album, (3) id, (4) use, (5) desc, (6) doc, (7) mname, (8) max, and possibly other parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4501", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060830 Ezportal/Ztml v1.0 Multiple vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/444743/100/0/threaded" - }, - { - "name" : "19759", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19759" - }, - { - "name" : "1481", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1481" - }, - { - "name" : "ezportalztml-index-sql-injection(28667)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28667" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", 
+ "value": "SQL injection vulnerability in index.php in ezPortal/ztml CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) about, (2) album, (3) id, (4) use, (5) desc, (6) doc, (7) mname, (8) max, and possibly other parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060830 Ezportal/Ztml v1.0 Multiple vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/444743/100/0/threaded" + }, + { + "name": "1481", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1481" + }, + { + "name": "ezportalztml-index-sql-injection(28667)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28667" + }, + { + "name": "19759", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19759" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6258.json b/2006/6xxx/CVE-2006-6258.json index bdf4687a2c2..c502cdc5e0d 100644 --- a/2006/6xxx/CVE-2006-6258.json +++ b/2006/6xxx/CVE-2006-6258.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6258", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The phpmyadmin subsystem in AlternC 0.9.5 and earlier transmits the SQL password in cleartext in a cookie, which might allow remote attackers to obtain the password by sniffing or by conducting a cross-site scripting (XSS) attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6258", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061128 Multiple Vulnerabilities in AlternC version 0.9.5", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/452988/100/0/threaded" - }, - { - "name" : "http://www.ground418.org/exploits/read.php?file=06-alternC-095.txt", - "refsource" : "MISC", - "url" : "http://www.ground418.org/exploits/read.php?file=06-alternC-095.txt" - }, - { - "name" : "21355", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21355" - }, - { - "name" : "ADV-2006-4851", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4851" - }, - { - "name" : "23144", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23144" - }, - { - 
"name" : "1965", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1965" - }, - { - "name" : "alternc-multiple-xss(30625)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30625" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The phpmyadmin subsystem in AlternC 0.9.5 and earlier transmits the SQL password in cleartext in a cookie, which might allow remote attackers to obtain the password by sniffing or by conducting a cross-site scripting (XSS) attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20061128 Multiple Vulnerabilities in AlternC version 0.9.5", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/452988/100/0/threaded" + }, + { + "name": "21355", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21355" + }, + { + "name": "1965", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1965" + }, + { + "name": "http://www.ground418.org/exploits/read.php?file=06-alternC-095.txt", + "refsource": "MISC", + "url": "http://www.ground418.org/exploits/read.php?file=06-alternC-095.txt" + }, + { + "name": "23144", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23144" + }, + { + "name": "alternc-multiple-xss(30625)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30625" + }, + { + "name": "ADV-2006-4851", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4851" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6611.json b/2006/6xxx/CVE-2006-6611.json index ebd189a9f25..b2d85313ad4 100644 --- a/2006/6xxx/CVE-2006-6611.json +++ b/2006/6xxx/CVE-2006-6611.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6611", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in interface.php in Barman 0.0.1r3 allows remote attackers to execute arbitrary PHP code via a URL in the basepath parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6611", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2920", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2920" - }, - { - "name" : "20061217 Source VERIFY of Barman interface.php/basepath RFI", - "refsource" : "VIM", - "url" : "http://www.attrition.org/pipermail/vim/2006-December/001184.html" - }, - { - "name" : "21544", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21544" - }, - { - "name" : "ADV-2006-4944", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4944" - }, - { - "name" : "barman-interface-file-include(30823)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30823" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in interface.php in Barman 0.0.1r3 allows remote attackers to execute arbitrary PHP code via a URL in the basepath parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2920", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2920" + }, + { + "name": "20061217 Source VERIFY of Barman interface.php/basepath RFI", + "refsource": "VIM", + "url": "http://www.attrition.org/pipermail/vim/2006-December/001184.html" + }, + { + "name": "barman-interface-file-include(30823)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30823" + }, + { + "name": "ADV-2006-4944", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4944" + }, + { + "name": "21544", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21544" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6783.json b/2006/6xxx/CVE-2006-6783.json index cc03bd254f1..bd600808afd 100644 --- a/2006/6xxx/CVE-2006-6783.json +++ b/2006/6xxx/CVE-2006-6783.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6783", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "logahead UNU 1.0 before 20061226 allows remote attackers to upload arbitrary files via unspecified vectors related to plugins/widged/_widged.php (aka the WidgEd plugin), possibly because of an authentication bypass. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6783", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061225 logahead UNU edition 1.0 Remote File Upload & code execution", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/455307/100/0/threaded" - }, - { - "name" : "http://logahead.com/forums/comments.php?DiscussionID=216", - "refsource" : "CONFIRM", - "url" : "http://logahead.com/forums/comments.php?DiscussionID=216" - }, - { - "name" : "21743", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21743" - }, - { - "name" : "ADV-2006-5184", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/5184" - }, - { - "name" : "1017444", - "refsource" : "SECTRACK", - "url" 
: "http://securitytracker.com/id?1017444" - }, - { - "name" : "23470", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23470" - }, - { - "name" : "2071", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2071" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "logahead UNU 1.0 before 20061226 allows remote attackers to upload arbitrary files via unspecified vectors related to plugins/widged/_widged.php (aka the WidgEd plugin), possibly because of an authentication bypass. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20061225 logahead UNU edition 1.0 Remote File Upload & code execution", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/455307/100/0/threaded" + }, + { + "name": "ADV-2006-5184", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/5184" + }, + { + "name": "21743", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21743" + }, + { + "name": "2071", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2071" + }, + { + "name": "1017444", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017444" + }, + { + "name": "23470", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23470" + }, + { + "name": "http://logahead.com/forums/comments.php?DiscussionID=216", + "refsource": "CONFIRM", + "url": "http://logahead.com/forums/comments.php?DiscussionID=216" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6784.json b/2006/6xxx/CVE-2006-6784.json index 6746fcf4539..74141116153 100644 --- a/2006/6xxx/CVE-2006-6784.json 
+++ b/2006/6xxx/CVE-2006-6784.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6784", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in Netbula Anyboard allows remote attackers to execute arbitrary SQL commands via the user name in the login form." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6784", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061225 Forum AnyBoard - Sql Inyection By Firewall", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/455263/100/0/threaded" - }, - { - "name" : "21734", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21734" - }, - { - "name" : "2063", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2063" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in Netbula Anyboard allows remote attackers to execute arbitrary SQL commands via the user name in the login form." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21734", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21734" + }, + { + "name": "2063", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2063" + }, + { + "name": "20061225 Forum AnyBoard - Sql Inyection By Firewall", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/455263/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2061.json b/2010/2xxx/CVE-2010-2061.json index 577929cade3..fe1ea4e64e6 100644 --- a/2010/2xxx/CVE-2010-2061.json +++ b/2010/2xxx/CVE-2010-2061.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2061", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2061", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2234.json b/2010/2xxx/CVE-2010-2234.json index 14f10b30120..91d3e3e0e72 100644 --- a/2010/2xxx/CVE-2010-2234.json 
+++ b/2010/2xxx/CVE-2010-2234.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2234", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2010-2234", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100817 CVE-2010-2234: Apache CouchDB Cross Site Request Forgery Attack", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/513174/100/0/threaded" - }, - { - "name" : "20100817 CVE-2010-2234: Apache CouchDB Cross Site Request Forgery Attack", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2010/Aug/199" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=624764", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=624764" - }, - { - "name" : "42501", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/42501" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": 
"4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20100817 CVE-2010-2234: Apache CouchDB Cross Site Request Forgery Attack", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2010/Aug/199" + }, + { + "name": "20100817 CVE-2010-2234: Apache CouchDB Cross Site Request Forgery Attack", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/513174/100/0/threaded" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=624764", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=624764" + }, + { + "name": "42501", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/42501" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2733.json b/2010/2xxx/CVE-2010-2733.json index 33f6ded4c25..a198ac20feb 100644 --- a/2010/2xxx/CVE-2010-2733.json +++ b/2010/2xxx/CVE-2010-2733.json 
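Review bot: The `ASSIGNER` for CVE-2010-2234 changes from `cve@mitre.org` to `secalert@redhat.com` in this hunk, but it sits inside a rewrite that touches every line (spacing before `:`) and reorders `reference_data`, so it is easy to miss. The same reattribution appears in the hunks for CVE-2010-2733 (`secure@microsoft.com`), CVE-2011-0535 (`secalert@redhat.com`) and CVE-2011-0873 (`secalert_us@oracle.com`), and the subject "-Synchronized-Data." mentions none of them. Anyone who keys trust, routing or audit on the assigner would want these called out in the commit message or split from the formatting pass. The new reference order follows no key visible here (not `name`, `refsource` or `url`); if the generator can emit a stable order, later syncs would show only real data changes.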
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2733", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Web Monitor in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka \"UAG XSS Allows EOP Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-2733", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS10-089", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-089" - }, - { - "name" : "TA10-313A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-313A.html" - }, - { - "name" : "oval:org.mitre.oval:def:12127", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12127" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) 
vulnerability in the Web Monitor in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka \"UAG XSS Allows EOP Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:12127", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12127" + }, + { + "name": "MS10-089", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-089" + }, + { + "name": "TA10-313A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-313A.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2757.json b/2010/2xxx/CVE-2010-2757.json index fadeccc605e..9eeb79afb8c 100644 --- a/2010/2xxx/CVE-2010-2757.json +++ b/2010/2xxx/CVE-2010-2757.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2757", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The sudo feature in Bugzilla 2.22rc1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2 does not properly send impersonation notifications, which makes it easier for remote authenticated users to impersonate other users without discovery." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2757", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.bugzilla.org/security/3.2.7/", - "refsource" : "CONFIRM", - "url" : "http://www.bugzilla.org/security/3.2.7/" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=450013", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=450013" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=623423", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=623423" - }, - { - "name" : "FEDORA-2010-13072", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046534.html" - }, - { - "name" : "FEDORA-2010-13086", - 
"refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046546.html" - }, - { - "name" : "FEDORA-2010-13171", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046518.html" - }, - { - "name" : "42275", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/42275" - }, - { - "name" : "40892", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40892" - }, - { - "name" : "41128", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/41128" - }, - { - "name" : "ADV-2010-2035", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2035" - }, - { - "name" : "ADV-2010-2205", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2205" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The sudo feature in Bugzilla 2.22rc1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2 does not properly send impersonation notifications, which makes it easier for remote authenticated users to impersonate other users without discovery." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=450013", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=450013" + }, + { + "name": "ADV-2010-2035", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2035" + }, + { + "name": "FEDORA-2010-13072", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046534.html" + }, + { + "name": "FEDORA-2010-13171", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046518.html" + }, + { + "name": "40892", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40892" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=623423", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=623423" + }, + { + "name": "FEDORA-2010-13086", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046546.html" + }, + { + "name": "42275", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/42275" + }, + { + "name": "http://www.bugzilla.org/security/3.2.7/", + "refsource": "CONFIRM", + "url": "http://www.bugzilla.org/security/3.2.7/" + }, + { + "name": "41128", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/41128" + }, + { + "name": "ADV-2010-2205", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2205" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3889.json b/2010/3xxx/CVE-2010-3889.json index b01373337f3..06131606a54 100644 --- a/2010/3xxx/CVE-2010-3889.json +++ b/2010/3xxx/CVE-2010-3889.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3889", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Microsoft Windows on 32-bit platforms allows local users to gain privileges via unknown vectors, as exploited in the wild in July 2010 by the Stuxnet worm, and identified by Microsoft researchers and other researchers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-3889", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.computerworld.com/s/article/9185919/Is_Stuxnet_the_best_malware_ever_", - "refsource" : "MISC", - "url" : "http://www.computerworld.com/s/article/9185919/Is_Stuxnet_the_best_malware_ever_" - }, - { - "name" : "http://www.eeye.com/Resources/Security-Center/Research/Zero-Day-Tracker/2010/20100716-(1)", - "refsource" : "MISC", - "url" : "http://www.eeye.com/Resources/Security-Center/Research/Zero-Day-Tracker/2010/20100716-(1)" - }, - { - "name" : "http://www.securelist.com/en/blog/2291/Myrtus_and_Guava_Episode_MS10_061", - "refsource" : "MISC", - "url" : "http://www.securelist.com/en/blog/2291/Myrtus_and_Guava_Episode_MS10_061" - }, - { - "name" : 
"http://www.symantec.com/connect/blogs/stuxnet-using-three-additional-zero-day-vulnerabilities", - "refsource" : "MISC", - "url" : "http://www.symantec.com/connect/blogs/stuxnet-using-three-additional-zero-day-vulnerabilities" - }, - { - "name" : "http://www.virusbtn.com/conference/vb2010/abstracts/LastMinute7.xml", - "refsource" : "MISC", - "url" : "http://www.virusbtn.com/conference/vb2010/abstracts/LastMinute7.xml" - }, - { - "name" : "http://www.virusbtn.com/conference/vb2010/abstracts/LastMinute8.xml", - "refsource" : "MISC", - "url" : "http://www.virusbtn.com/conference/vb2010/abstracts/LastMinute8.xml" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Microsoft Windows on 32-bit platforms allows local users to gain privileges via unknown vectors, as exploited in the wild in July 2010 by the Stuxnet worm, and identified by Microsoft researchers and other researchers." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.virusbtn.com/conference/vb2010/abstracts/LastMinute7.xml", + "refsource": "MISC", + "url": "http://www.virusbtn.com/conference/vb2010/abstracts/LastMinute7.xml" + }, + { + "name": "http://www.eeye.com/Resources/Security-Center/Research/Zero-Day-Tracker/2010/20100716-(1)", + "refsource": "MISC", + "url": "http://www.eeye.com/Resources/Security-Center/Research/Zero-Day-Tracker/2010/20100716-(1)" + }, + { + "name": "http://www.symantec.com/connect/blogs/stuxnet-using-three-additional-zero-day-vulnerabilities", + "refsource": "MISC", + "url": "http://www.symantec.com/connect/blogs/stuxnet-using-three-additional-zero-day-vulnerabilities" + }, + { + "name": "http://www.computerworld.com/s/article/9185919/Is_Stuxnet_the_best_malware_ever_", + "refsource": "MISC", + "url": "http://www.computerworld.com/s/article/9185919/Is_Stuxnet_the_best_malware_ever_" + }, + { + "name": "http://www.virusbtn.com/conference/vb2010/abstracts/LastMinute8.xml", + "refsource": "MISC", + "url": "http://www.virusbtn.com/conference/vb2010/abstracts/LastMinute8.xml" + }, + { + "name": "http://www.securelist.com/en/blog/2291/Myrtus_and_Guava_Episode_MS10_061", + "refsource": "MISC", + "url": "http://www.securelist.com/en/blog/2291/Myrtus_and_Guava_Episode_MS10_061" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0447.json b/2011/0xxx/CVE-2011-0447.json index 9b32e5d0c99..ad49b2536f9 100644 --- a/2011/0xxx/CVE-2011-0447.json +++ b/2011/0xxx/CVE-2011-0447.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0447", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Ruby on Rails 2.1.x, 2.2.x, and 2.3.x before 2.3.11, and 3.x before 3.0.4, does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via forged (1) AJAX or (2) API requests that leverage \"combinations of browser plugins and HTTP redirects,\" a related issue to CVE-2011-0696." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0447", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[rubyonrails-security] 20110209 CSRF Protection Bypass in Ruby on Rails", - "refsource" : "MLIST", - "url" : "http://groups.google.com/group/rubyonrails-security/msg/c22ea1668c0d181c?dmode=source&output=gplain" - }, - { - "name" : "http://weblog.rubyonrails.org/2011/2/8/csrf-protection-bypass-in-ruby-on-rails", - "refsource" : "CONFIRM", - "url" : "http://weblog.rubyonrails.org/2011/2/8/csrf-protection-bypass-in-ruby-on-rails" - }, - { - "name" : "DSA-2247", - "refsource" : "DEBIAN", - "url" : 
"http://www.debian.org/security/2011/dsa-2247" - }, - { - "name" : "FEDORA-2011-2133", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055074.html" - }, - { - "name" : "FEDORA-2011-2138", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055088.html" - }, - { - "name" : "FEDORA-2011-4358", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html" - }, - { - "name" : "46291", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46291" - }, - { - "name" : "1025060", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025060" - }, - { - "name" : "43274", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43274" - }, - { - "name" : "43666", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43666" - }, - { - "name" : "ADV-2011-0587", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0587" - }, - { - "name" : "ADV-2011-0877", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0877" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Ruby on Rails 2.1.x, 2.2.x, and 2.3.x before 2.3.11, and 3.x before 3.0.4, does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via forged (1) AJAX or (2) API requests that leverage \"combinations of browser plugins and HTTP redirects,\" a related issue to CVE-2011-0696." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2011-0587", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0587" + }, + { + "name": "http://weblog.rubyonrails.org/2011/2/8/csrf-protection-bypass-in-ruby-on-rails", + "refsource": "CONFIRM", + "url": "http://weblog.rubyonrails.org/2011/2/8/csrf-protection-bypass-in-ruby-on-rails" + }, + { + "name": "1025060", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025060" + }, + { + "name": "FEDORA-2011-2138", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055088.html" + }, + { + "name": "46291", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46291" + }, + { + "name": "DSA-2247", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2247" + }, + { + "name": "[rubyonrails-security] 20110209 CSRF Protection Bypass in Ruby on Rails", + "refsource": "MLIST", + "url": "http://groups.google.com/group/rubyonrails-security/msg/c22ea1668c0d181c?dmode=source&output=gplain" + }, + { + "name": "FEDORA-2011-4358", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html" + }, + { + "name": "43274", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43274" + }, + { + "name": "ADV-2011-0877", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0877" + }, + { + "name": "FEDORA-2011-2133", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055074.html" + }, + { + "name": "43666", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43666" + } + ] + } +} \ No newline at end of file 
diff --git a/2011/0xxx/CVE-2011-0535.json b/2011/0xxx/CVE-2011-0535.json index c24b4874fd6..08c37007eb6 100644 --- a/2011/0xxx/CVE-2011-0535.json +++ b/2011/0xxx/CVE-2011-0535.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0535", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in the Users module in Zikula before 1.2.5 allows remote attackers to hijack the authentication of administrators for requests that change account privileges via an edit access_permissions action to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-0535", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110201 Zikula CMS 1.2.4 <= Cross Site Request Forgery (CSRF) Vulnerability", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2011/Feb/0" - }, - { - "name" : "[oss-security] 20110201 CVE Request: Zikula CMS 1.2.4 <= Cross Site Request Forgery (CSRF) Vulnerability", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/02/01/1" - }, - { - "name" : "[oss-security] 20110203 Re: CVE Request: Zikula CMS 1.2.4 <= Cross Site Request Forgery (CSRF) Vulnerability", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/02/03/1" - }, - { - "name" : 
"http://bl0g.yehg.net/2011/02/zikula-cms-124-cross-site-request.html", - "refsource" : "MISC", - "url" : "http://bl0g.yehg.net/2011/02/zikula-cms-124-cross-site-request.html" - }, - { - "name" : "http://code.zikula.org/core12/browser/tags/Zikula-1.2.5/src/docs/CHANGELOG", - "refsource" : "CONFIRM", - "url" : "http://code.zikula.org/core12/browser/tags/Zikula-1.2.5/src/docs/CHANGELOG" - }, - { - "name" : "http://community.zikula.org/index.php?module=News&func=display&sid=3041&title=zikula-1.2.5-released", - "refsource" : "CONFIRM", - "url" : "http://community.zikula.org/index.php?module=News&func=display&sid=3041&title=zikula-1.2.5-released" - }, - { - "name" : "70751", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/70751" - }, - { - "name" : "43114", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43114" - }, - { - "name" : "8067", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8067" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in the Users module in Zikula before 1.2.5 allows remote attackers to hijack the authentication of administrators for requests that change account privileges via an edit access_permissions action to index.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20110203 Re: CVE Request: Zikula CMS 1.2.4 <= Cross Site Request Forgery (CSRF) Vulnerability", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/02/03/1" + }, + { + "name": "http://community.zikula.org/index.php?module=News&func=display&sid=3041&title=zikula-1.2.5-released", + "refsource": "CONFIRM", + "url": "http://community.zikula.org/index.php?module=News&func=display&sid=3041&title=zikula-1.2.5-released" + }, + { + "name": "http://code.zikula.org/core12/browser/tags/Zikula-1.2.5/src/docs/CHANGELOG", + "refsource": "CONFIRM", + "url": "http://code.zikula.org/core12/browser/tags/Zikula-1.2.5/src/docs/CHANGELOG" + }, + { + "name": "70751", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/70751" + }, + { + "name": "43114", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43114" + }, + { + "name": "8067", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8067" + }, + { + "name": "[oss-security] 20110201 CVE Request: Zikula CMS 1.2.4 <= Cross Site Request Forgery (CSRF) Vulnerability", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/02/01/1" + }, + { + "name": "20110201 Zikula CMS 1.2.4 <= Cross Site Request Forgery (CSRF) Vulnerability", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2011/Feb/0" + }, + { + "name": "http://bl0g.yehg.net/2011/02/zikula-cms-124-cross-site-request.html", + "refsource": "MISC", + "url": "http://bl0g.yehg.net/2011/02/zikula-cms-124-cross-site-request.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0873.json b/2011/0xxx/CVE-2011-0873.json index 747a3163cbc..70093a8b027 100644 --- a/2011/0xxx/CVE-2011-0873.json +++ b/2011/0xxx/CVE-2011-0873.json 
@@ -1,187 +1,187 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0873", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, and 5.0 Update 29 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2011-0873", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/javacpujune2011-313339.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/javacpujune2011-313339.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html" - }, - { - "name" : "http://support.avaya.com/css/P8/documents/100144512", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100144512" - }, - { - "name" : "http://support.avaya.com/css/P8/documents/100147041", - 
"refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100147041" - }, - { - "name" : "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-015/index.html", - "refsource" : "CONFIRM", - "url" : "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-015/index.html" - }, - { - "name" : "http://www.ibm.com/developerworks/java/jdk/alerts/", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/developerworks/java/jdk/alerts/" - }, - { - "name" : "HPSBUX02697", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=132439520301822&w=2" - }, - { - "name" : "SSRT100591", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=132439520301822&w=2" - }, - { - "name" : "HPSBMU02797", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134254957702612&w=2" - }, - { - "name" : "SSRT100867", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134254957702612&w=2" - }, - { - "name" : "HPSBMU02799", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=134254866602253&w=2" - }, - { - "name" : "RHSA-2011:0860", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0860.html" - }, - { - "name" : "RHSA-2011:0938", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0938.html" - }, - { - "name" : "RHSA-2011:1087", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-1087.html" - }, - { - "name" : "RHSA-2013:1455", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1455.html" - }, - { - "name" : "SUSE-SA:2011:032", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00002.html" - }, - { - "name" : "SUSE-SA:2011:030", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00003.html" - }, - { - "name" : "SUSE-SU-2011:0807", - "refsource" : "SUSE", - "url" : 
"http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00009.html" - }, - { - "name" : "SUSE-SU-2011:0863", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00001.html" - }, - { - "name" : "openSUSE-SU-2011:0633", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2011-06/msg00003.html" - }, - { - "name" : "TA11-201A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA11-201A.html" - }, - { - "name" : "48148", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/48148" - }, - { - "name" : "oval:org.mitre.oval:def:13888", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13888" - }, - { - "name" : "oval:org.mitre.oval:def:14153", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14153" - }, - { - "name" : "44818", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44818" - }, - { - "name" : "44930", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44930" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, and 5.0 Update 29 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-015/index.html", + "refsource": "CONFIRM", + "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-015/index.html" + }, + { + "name": "SUSE-SU-2011:0863", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00001.html" + }, + { + "name": "HPSBMU02799", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134254866602253&w=2" + }, + { + "name": "RHSA-2011:1087", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-1087.html" + }, + { + "name": "TA11-201A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA11-201A.html" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100144512", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100144512" + }, + { + "name": "SUSE-SA:2011:032", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00002.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/javacpujune2011-313339.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/javacpujune2011-313339.html" + }, + { + "name": "RHSA-2013:1455", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html" + }, + { + "name": "44818", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44818" + }, + { + "name": "RHSA-2011:0938", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0938.html" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100147041", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100147041" + }, + { + "name": "44930", + 
"refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44930" + }, + { + "name": "SUSE-SA:2011:030", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00003.html" + }, + { + "name": "oval:org.mitre.oval:def:13888", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13888" + }, + { + "name": "SSRT100591", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=132439520301822&w=2" + }, + { + "name": "48148", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/48148" + }, + { + "name": "SSRT100867", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134254957702612&w=2" + }, + { + "name": "SUSE-SU-2011:0807", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00009.html" + }, + { + "name": "openSUSE-SU-2011:0633", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-06/msg00003.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html" + }, + { + "name": "oval:org.mitre.oval:def:14153", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14153" + }, + { + "name": "HPSBUX02697", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=132439520301822&w=2" + }, + { + "name": "RHSA-2011:0860", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0860.html" + }, + { + "name": "HPSBMU02797", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=134254957702612&w=2" + }, + { + "name": "http://www.ibm.com/developerworks/java/jdk/alerts/", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/developerworks/java/jdk/alerts/" + } + ] + } +} \ No newline at end of file 
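Review bot: The `ASSIGNER` value in this hunk changes from `cve@mitre.org` to `secalert_us@oracle.com`, and it is the only value change I can find here; every other line is a respacing of `"key" : value` to `"key": value`, a re-indent, or a reordering of the `reference_data` entries, which appear to be the same 26 references as before. The assigner is presumably what consumers of this record rely on for provenance, so the change deserves its own commit or at least a mention in the commit message, rather than sitting inside a 370-line reformat. Keeping `reference_data` in a stable order (for example sorted by `url`) and ending the file with a newline would keep later syncs reviewable; the new side currently ends with `\ No newline at end of file`. The same pattern appears in the hunks for CVE-2014-2513 (`security_alert@emc.com`), CVE-2014-3286 (`psirt@cisco.com`) and CVE-2014-3883 (`vultures@jpcert.or.jp`).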
diff --git a/2011/1xxx/CVE-2011-1134.json b/2011/1xxx/CVE-2011-1134.json index ab33ee2aec4..186430adc8b 100644 --- a/2011/1xxx/CVE-2011-1134.json +++ b/2011/1xxx/CVE-2011-1134.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1134", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1134", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1386.json b/2011/1xxx/CVE-2011-1386.json index b32e6f50e25..3683ea02088 100644 --- a/2011/1xxx/CVE-2011-1386.json +++ b/2011/1xxx/CVE-2011-1386.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1386", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Tivoli Federated Identity Manager (TFIM) and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.1.1, 6.2.0, and 6.2.1 do not properly handle signature validations based on SAML 1.0, 1.1, and 2.0, which allows remote attackers to bypass intended authentication or authorization requirements via a non-conforming SAML signature." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1386", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21575309", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21575309" - }, - { - "name" : "IV10793", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV10793" - }, - { - "name" : "IV10801", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV10801" - }, - { - "name" : "IV10813", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV10813" - }, - { - "name" : 
"tfim-saml-weak-security(71686)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71686" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Tivoli Federated Identity Manager (TFIM) and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.1.1, 6.2.0, and 6.2.1 do not properly handle signature validations based on SAML 1.0, 1.1, and 2.0, which allows remote attackers to bypass intended authentication or authorization requirements via a non-conforming SAML signature." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "IV10813", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV10813" + }, + { + "name": "tfim-saml-weak-security(71686)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71686" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21575309", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21575309" + }, + { + "name": "IV10793", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV10793" + }, + { + "name": "IV10801", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV10801" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4800.json b/2011/4xxx/CVE-2011-4800.json index 0223f45528e..5596f59c5ea 100644 --- a/2011/4xxx/CVE-2011-4800.json +++ b/2011/4xxx/CVE-2011-4800.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4800", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Serv-U FTP Server before 11.1.0.5 allows remote authenticated users to read and write arbitrary files, and list and create arbitrary directories, via a \"..:/\" (dot dot colon forward slash) in the (1) list, (2) put, or (3) get commands." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4800", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "18182", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18182" - }, - { - "name" : "20111130 Serv-U Remote", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2011-11/0454.html" - }, - { - "name" : "http://www.serv-u.com/releasenotes/", - "refsource" : "CONFIRM", - "url" : "http://www.serv-u.com/releasenotes/" - }, - { - "name" : "47021", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47021" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "Directory traversal vulnerability in Serv-U FTP Server before 11.1.0.5 allows remote authenticated users to read and write arbitrary files, and list and create arbitrary directories, via a \"..:/\" (dot dot colon forward slash) in the (1) list, (2) put, or (3) get commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20111130 Serv-U Remote", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-11/0454.html" + }, + { + "name": "47021", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47021" + }, + { + "name": "http://www.serv-u.com/releasenotes/", + "refsource": "CONFIRM", + "url": "http://www.serv-u.com/releasenotes/" + }, + { + "name": "18182", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18182" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5125.json b/2011/5xxx/CVE-2011-5125.json index dfa8d991099..4f53a43d332 100644 --- a/2011/5xxx/CVE-2011-5125.json +++ b/2011/5xxx/CVE-2011-5125.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5125", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Blue Coat Director before 5.5.2.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving the HTTP TRACE method." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5125", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kb.bluecoat.com/index?page=content&id=SA62", - "refsource" : "CONFIRM", - "url" : "https://kb.bluecoat.com/index?page=content&id=SA62" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Blue Coat Director before 5.5.2.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving the HTTP TRACE method." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.bluecoat.com/index?page=content&id=SA62", + "refsource": "CONFIRM", + "url": "https://kb.bluecoat.com/index?page=content&id=SA62" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5146.json b/2011/5xxx/CVE-2011-5146.json index 12d228f2b9a..28cfa36123d 100644 --- a/2011/5xxx/CVE-2011-5146.json +++ b/2011/5xxx/CVE-2011-5146.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5146", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Bokken before 1.6 and 1.5-x before 1.5-3 for Debian allows local users to overwrite arbitrary files via a symlink attack on /tmp/graph.dot." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5146", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=651931", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=651931" - }, - { - "name" : "http://inguma.eu/projects/bokken/repository/revisions/56894084b0ec", - "refsource" : "CONFIRM", - "url" : "http://inguma.eu/projects/bokken/repository/revisions/56894084b0ec" - }, - { - "name" : "http://ingumadev.blogspot.com/2012/01/bokken-16-is-more-stable-and-easier-to.html", - "refsource" : "CONFIRM", - "url" : "http://ingumadev.blogspot.com/2012/01/bokken-16-is-more-stable-and-easier-to.html" - }, - { - "name" : "77700", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/77700" - }, - { - "name" : "47252", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47252" - } - ] - } -} + 
} + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Bokken before 1.6 and 1.5-x before 1.5-3 for Debian allows local users to overwrite arbitrary files via a symlink attack on /tmp/graph.dot." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://inguma.eu/projects/bokken/repository/revisions/56894084b0ec", + "refsource": "CONFIRM", + "url": "http://inguma.eu/projects/bokken/repository/revisions/56894084b0ec" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=651931", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=651931" + }, + { + "name": "47252", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47252" + }, + { + "name": "77700", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/77700" + }, + { + "name": "http://ingumadev.blogspot.com/2012/01/bokken-16-is-more-stable-and-easier-to.html", + "refsource": "CONFIRM", + "url": "http://ingumadev.blogspot.com/2012/01/bokken-16-is-more-stable-and-easier-to.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2513.json b/2014/2xxx/CVE-2014-2513.json index 400f229469b..6c9f8e29698 100644 --- a/2014/2xxx/CVE-2014-2513.json +++ b/2014/2xxx/CVE-2014-2513.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2513", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P15, 7.0 before P15, and 7.1 before P06 does not properly check authorization after creation of an object, which allows remote authenticated users to execute arbitrary code with super-user privileges via a custom script." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2014-2513", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140707 ESA-2014-064: EMC Documentum Content Server Privilege Escalation Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-07/0024.html" - }, - { - "name" : "68435", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68435" - }, - { - "name" : "1030529", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030529" - }, - { - "name" : "59757", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59757" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P15, 7.0 before P15, and 7.1 before P06 does not properly check authorization after creation of an object, which allows remote authenticated users to execute arbitrary code with super-user privileges via a custom script." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1030529", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030529" + }, + { + "name": "59757", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59757" + }, + { + "name": "20140707 ESA-2014-064: EMC Documentum Content Server Privilege Escalation Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-07/0024.html" + }, + { + "name": "68435", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68435" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3286.json b/2014/3xxx/CVE-2014-3286.json index 0e9fa3b01f0..e615ffaa77f 100644 --- a/2014/3xxx/CVE-2014-3286.json +++ b/2014/3xxx/CVE-2014-3286.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3286", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The web framework in Cisco WebEx Meeting Server does not properly restrict the content of reply messages, which allows remote attackers to obtain sensitive information via a crafted URL, aka Bug IDs CSCuj81685, CSCuj81688, CSCuj81665, CSCuj81744, and CSCuj81661." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-3286", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140606 Cisco WebEx Meeting Server User Enumeration Vulnerabilty", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3286" - }, - { - "name" : "67922", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67922" - }, - { - "name" : "58571", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/58571" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The web framework in Cisco WebEx Meeting Server does not properly restrict the content of reply 
messages, which allows remote attackers to obtain sensitive information via a crafted URL, aka Bug IDs CSCuj81685, CSCuj81688, CSCuj81665, CSCuj81744, and CSCuj81661." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20140606 Cisco WebEx Meeting Server User Enumeration Vulnerabilty", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3286" + }, + { + "name": "67922", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67922" + }, + { + "name": "58571", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/58571" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3883.json b/2014/3xxx/CVE-2014-3883.json index 699c429e466..6524605e535 100644 --- a/2014/3xxx/CVE-2014-3883.json +++ b/2014/3xxx/CVE-2014-3883.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3883", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Usermin before 1.600 allows remote attackers to execute arbitrary operating-system commands via unspecified vectors related to a user action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2014-3883", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ipa.go.jp/security/ciadr/vul/20140620-jvn.html", - "refsource" : "MISC", - "url" : "https://www.ipa.go.jp/security/ciadr/vul/20140620-jvn.html" - }, - { - "name" : "JVN#48805624", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN48805624/index.html" - }, - { - "name" : "JVNDB-2014-000057", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000057" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Usermin before 1.600 allows remote attackers to execute arbitrary operating-system commands via unspecified vectors related to a user action." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.ipa.go.jp/security/ciadr/vul/20140620-jvn.html", + "refsource": "MISC", + "url": "https://www.ipa.go.jp/security/ciadr/vul/20140620-jvn.html" + }, + { + "name": "JVN#48805624", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN48805624/index.html" + }, + { + "name": "JVNDB-2014-000057", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000057" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6627.json b/2014/6xxx/CVE-2014-6627.json index 5c382385bb3..765db77717e 100644 --- a/2014/6xxx/CVE-2014-6627.json +++ b/2014/6xxx/CVE-2014-6627.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6627", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Aruba Networks ClearPass before 6.3.5 and 6.4.x before 6.4.1 allows remote attackers to execute arbitrary commands via unspecified vectors, a different vulnerability than CVE-2014-5342." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-6627", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.arubanetworks.com/support/alerts/aid-10282014.txt", - "refsource" : "CONFIRM", - "url" : "http://www.arubanetworks.com/support/alerts/aid-10282014.txt" - }, - { - "name" : "61916", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61916" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Aruba Networks ClearPass before 6.3.5 and 6.4.x before 6.4.1 allows remote attackers to execute arbitrary commands via unspecified vectors, a different vulnerability than CVE-2014-5342." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "61916", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61916" + }, + { + "name": "http://www.arubanetworks.com/support/alerts/aid-10282014.txt", + "refsource": "CONFIRM", + "url": "http://www.arubanetworks.com/support/alerts/aid-10282014.txt" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6628.json b/2014/6xxx/CVE-2014-6628.json index 16a258edc8c..ebcea908fab 100644 --- a/2014/6xxx/CVE-2014-6628.json +++ b/2014/6xxx/CVE-2014-6628.json 
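Review bot: Nothing in the CVE-2014-6627 record changes except spacing and the order of the two `reference_data` entries, which swap places so that the `SECUNIA` entry now precedes the `CONFIRM` one. The new order does not look sorted by any key (in the CVE-2014-6952 hunk `VU#582497` precedes `VU#209465`, while in CVE-2014-6672 `VU#524241` precedes `VU#582497`), so each sync can presumably reshuffle the list again. That buries the one substantive edit in neighbouring hunks, the `ASSIGNER` change from `cve@mitre.org` to the assigning CNA, inside a full-file rewrite. Emitting references in a stable order (for instance by `refsource`, then `name`) would keep later diffs down to the fields that actually changed. The rewritten files also end with `\ No newline at end of file`; keeping the trailing newline would match the old side.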
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6628", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Aruba Networks ClearPass Policy Manager (CPPM) before 6.5.0 allows remote administrators to execute arbitrary code via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-6628", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-006.txt", - "refsource" : "CONFIRM", - "url" : "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-006.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Aruba Networks ClearPass Policy Manager (CPPM) before 6.5.0 allows remote administrators to execute arbitrary code via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-006.txt", + "refsource": "CONFIRM", + "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-006.txt" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6672.json b/2014/6xxx/CVE-2014-6672.json index c04850fa761..9c5c0dd95d5 100644 --- a/2014/6xxx/CVE-2014-6672.json +++ b/2014/6xxx/CVE-2014-6672.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6672", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Friendcaster (aka uk.co.senab.blueNotifyFree) application 5.4.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6672", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#524241", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/524241" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Friendcaster (aka 
uk.co.senab.blueNotifyFree) application 5.4.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#524241", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/524241" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6952.json b/2014/6xxx/CVE-2014-6952.json index 3c7aa5ac399..fa1cd1fb8ba 100644 --- a/2014/6xxx/CVE-2014-6952.json +++ b/2014/6xxx/CVE-2014-6952.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6952", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Manga Facts (aka app.mangafacts.ar) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6952", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#209465", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/209465" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Manga Facts (aka app.mangafacts.ar) application 1.0 
for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "VU#209465", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/209465" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7078.json b/2014/7xxx/CVE-2014-7078.json index f5faa96f5ff..6a2fe3b2e65 100644 --- a/2014/7xxx/CVE-2014-7078.json +++ b/2014/7xxx/CVE-2014-7078.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7078", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Payoneer Sign Up (aka com.wPayoneerSignUp) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7078", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#189665", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/189665" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Payoneer Sign Up (aka com.wPayoneerSignUp) 
application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#189665", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/189665" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7572.json b/2014/7xxx/CVE-2014-7572.json index d58f6d95168..36309606a2e 100644 --- a/2014/7xxx/CVE-2014-7572.json +++ b/2014/7xxx/CVE-2014-7572.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7572", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Stoner's Handbook L- Bud Guide (aka fallacystudios.stonershandbooklite) application 7.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7572", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#999089", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/999089" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Stoner's 
Handbook L- Bud Guide (aka fallacystudios.stonershandbooklite) application 7.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#999089", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/999089" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7624.json b/2014/7xxx/CVE-2014-7624.json index 87b82398505..0a12d262896 100644 --- a/2014/7xxx/CVE-2014-7624.json +++ b/2014/7xxx/CVE-2014-7624.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7624", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Guess the Pixel Character Quiz (aka com.aiadp.pixelcQuiz) application 1.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7624", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#109585", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/109585" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Guess the Pixel Character Quiz 
(aka com.aiadp.pixelcQuiz) application 1.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#109585", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/109585" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7881.json b/2014/7xxx/CVE-2014-7881.json index e7f749d6ba8..257c5fa2bb8 100644 --- a/2014/7xxx/CVE-2014-7881.json +++ b/2014/7xxx/CVE-2014-7881.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7881", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the server in HP Insight Control allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2014-7881", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMU03230", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04537915" - }, - { - "name" : "SSRT101875", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04537915" - }, - { - "name" : "62162", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62162" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the server in HP Insight Control allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSRT101875", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04537915" + }, + { + "name": "HPSBMU03230", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04537915" + }, + { + "name": "62162", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62162" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7945.json b/2014/7xxx/CVE-2014-7945.json index ae5cbabb679..2bb1f5e8893 100644 --- a/2014/7xxx/CVE-2014-7945.json +++ b/2014/7xxx/CVE-2014-7945.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7945", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OpenJPEG before r2908, as used in PDFium in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document, related to j2k.c, jp2.c, and t2.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2014-7945", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2015/01/stable-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2015/01/stable-update.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=414310", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=414310" - }, - { - "name" : "https://pdfium.googlesource.com/pdfium/+/767aebbef641a89498deebc29369a078207b4dcc", - "refsource" : "CONFIRM", - "url" : "https://pdfium.googlesource.com/pdfium/+/767aebbef641a89498deebc29369a078207b4dcc" - }, - { - "name" : "GLSA-201502-13", - "refsource" : "GENTOO", - "url" : 
"http://security.gentoo.org/glsa/glsa-201502-13.xml" - }, - { - "name" : "RHSA-2015:0093", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0093.html" - }, - { - "name" : "openSUSE-SU-2015:0441", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html" - }, - { - "name" : "72288", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72288" - }, - { - "name" : "1031623", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031623" - }, - { - "name" : "62383", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62383" - }, - { - "name" : "62665", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62665" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OpenJPEG before r2908, as used in PDFium in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document, related to j2k.c, jp2.c, and t2.c." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "62665", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62665" + }, + { + "name": "http://googlechromereleases.blogspot.com/2015/01/stable-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2015/01/stable-update.html" + }, + { + "name": "https://pdfium.googlesource.com/pdfium/+/767aebbef641a89498deebc29369a078207b4dcc", + "refsource": "CONFIRM", + "url": "https://pdfium.googlesource.com/pdfium/+/767aebbef641a89498deebc29369a078207b4dcc" + }, + { + "name": "72288", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72288" + }, + { + "name": "GLSA-201502-13", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201502-13.xml" + }, + { + "name": "1031623", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031623" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=414310", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=414310" + }, + { + "name": "openSUSE-SU-2015:0441", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html" + }, + { + "name": "RHSA-2015:0093", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0093.html" + }, + { + "name": "62383", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62383" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2199.json b/2016/2xxx/CVE-2016-2199.json index d75153dd092..600c54c76cf 100644 --- a/2016/2xxx/CVE-2016-2199.json +++ b/2016/2xxx/CVE-2016-2199.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2199", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in the Organizations and Remediation management page in Enterprise Manager in McAfee Vulnerability Manager (MVM) before 7.5.10 allow remote attackers to hijack the authentication of administrators for requests that have unspecified impact via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2199", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10147", - "refsource" : "CONFIRM", - "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10147" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the Organizations and Remediation management page in Enterprise Manager in McAfee Vulnerability Manager (MVM) before 7.5.10 allow remote attackers to hijack the authentication of administrators for requests 
that have unspecified impact via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10147", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10147" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2504.json b/2016/2xxx/CVE-2016-2504.json index eae73be34b1..72f2076abd8 100644 --- a/2016/2xxx/CVE-2016-2504.json +++ b/2016/2xxx/CVE-2016-2504.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2504", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Qualcomm GPU driver in Android before 2016-08-05 on Nexus 5, 5X, 6, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28026365 and Qualcomm internal bug CR1002974." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-2504", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-08-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-08-01.html" - }, - { - "name" : "92220", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/92220" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Qualcomm GPU driver in Android before 2016-08-05 on Nexus 5, 5X, 6, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28026365 and Qualcomm internal bug CR1002974." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://source.android.com/security/bulletin/2016-08-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-08-01.html" + }, + { + "name": "92220", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/92220" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2718.json b/2016/2xxx/CVE-2016-2718.json index f47c136f6d6..f8a925400c9 100644 --- a/2016/2xxx/CVE-2016-2718.json +++ b/2016/2xxx/CVE-2016-2718.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2718", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-2718", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2907.json b/2016/2xxx/CVE-2016-2907.json index 6f0df831f2c..aa211fa1699 100644 --- a/2016/2xxx/CVE-2016-2907.json +++ b/2016/2xxx/CVE-2016-2907.json 
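Review bot: The `ASSIGNER` value for CVE-2016-2504 changes from `cve@mitre.org` to `security@android.com` in this hunk, and the commit subject "-Synchronized-Data." does not mention it. It is the only content change in a record that is otherwise rewritten for whitespace (`"key" : value` becomes `"key": value`, with deeper indentation). The assigner is provenance data that consumers may use to attribute or filter records, so it is easy to miss inside a reformat of this size; it would read better as its own commit, or at least be named in the message. The new side also ends with `\ No newline at end of file`, as do the other records in this patch; keeping the final newline avoids a spurious last-line change on the next sync.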
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2907", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2907", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18055.json b/2017/18xxx/CVE-2017-18055.json index a2da1caea83..8ba714a1c90 100644 --- a/2017/18xxx/CVE-2017-18055.json +++ b/2017/18xxx/CVE-2017-18055.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-03-05T00:00:00", - "ID" : "CVE-2017-18055", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for wmi_event->num_vdev_mac_entries in wma_pdev_set_hw_mode_resp_evt_handler(), which is received from firmware, leads to potential buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-03-05T00:00:00", + "ID": "CVE-2017-18055", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=50a0554d12cff58b3ffbd51d3194304244b87023", - "refsource" : "MISC", - "url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=50a0554d12cff58b3ffbd51d3194304244b87023" - }, - { - "name" : "https://source.android.com/security/bulletin/pixel/2018-03-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/pixel/2018-03-01" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for wmi_event->num_vdev_mac_entries in wma_pdev_set_hw_mode_resp_evt_handler(), which is received from firmware, leads to potential buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=50a0554d12cff58b3ffbd51d3194304244b87023", + "refsource": "MISC", + "url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=50a0554d12cff58b3ffbd51d3194304244b87023" + }, + { + "name": "https://source.android.com/security/bulletin/pixel/2018-03-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/pixel/2018-03-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18204.json b/2017/18xxx/CVE-2017-18204.json index b24918510c1..7d36e8c0c94 100644 --- a/2017/18xxx/CVE-2017-18204.json +++ b/2017/18xxx/CVE-2017-18204.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-18204", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ocfs2_setattr function in fs/ocfs2/file.c in the Linux kernel before 4.14.2 allows local users to cause a denial of service (deadlock) via DIO requests." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-18204", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=28f5a8a7c033cbf3e32277f4cc9c6afd74f05300", - "refsource" : "MISC", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=28f5a8a7c033cbf3e32277f4cc9c6afd74f05300" - }, - { - "name" : "https://github.com/torvalds/linux/commit/28f5a8a7c033cbf3e32277f4cc9c6afd74f05300", - "refsource" : "MISC", - "url" : "https://github.com/torvalds/linux/commit/28f5a8a7c033cbf3e32277f4cc9c6afd74f05300" - }, - { - "name" : "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.2", - "refsource" : "MISC", - "url" : "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.2" - }, - { - "name" : "USN-3617-1", - "refsource" : "UBUNTU", - "url" : 
"https://usn.ubuntu.com/3617-1/" - }, - { - "name" : "USN-3617-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3617-2/" - }, - { - "name" : "USN-3617-3", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3617-3/" - }, - { - "name" : "USN-3619-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3619-1/" - }, - { - "name" : "USN-3619-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3619-2/" - }, - { - "name" : "USN-3655-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3655-2/" - }, - { - "name" : "USN-3655-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3655-1/" - }, - { - "name" : "103183", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103183" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ocfs2_setattr function in fs/ocfs2/file.c in the Linux kernel before 4.14.2 allows local users to cause a denial of service (deadlock) via DIO requests." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3617-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3617-1/" + }, + { + "name": "USN-3619-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3619-2/" + }, + { + "name": "USN-3617-3", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3617-3/" + }, + { + "name": "https://github.com/torvalds/linux/commit/28f5a8a7c033cbf3e32277f4cc9c6afd74f05300", + "refsource": "MISC", + "url": "https://github.com/torvalds/linux/commit/28f5a8a7c033cbf3e32277f4cc9c6afd74f05300" + }, + { + "name": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.2", + "refsource": "MISC", + "url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.2" + }, + { + "name": "USN-3655-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3655-1/" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=28f5a8a7c033cbf3e32277f4cc9c6afd74f05300", + "refsource": "MISC", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=28f5a8a7c033cbf3e32277f4cc9c6afd74f05300" + }, + { + "name": "USN-3655-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3655-2/" + }, + { + "name": "USN-3617-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3617-2/" + }, + { + "name": "103183", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103183" + }, + { + "name": "USN-3619-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3619-1/" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1156.json b/2017/1xxx/CVE-2017-1156.json index ebf9f4a3f8c..2823fc28b09 100644 --- a/2017/1xxx/CVE-2017-1156.json +++ b/2017/1xxx/CVE-2017-1156.json 
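Review bot: The `reference_data` array for CVE-2017-18204 comes out in a different order on the new side (`USN-3617-1`, `USN-3619-2`, `USN-3617-3`, then the GitHub commit URL, and so on), although the same eleven references are present on both sides. The old side kept them grouped by `refsource`; the new order follows no visible key, so a reference that is later added or dropped would be buried in reordering noise. Emitting the array in a stable order, for example sorted by `refsource` and then `name`, would keep future syncs reviewable. The same reordering appears in the hunks for CVE-2017-1156, CVE-2017-5459 and CVE-2017-5518.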
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2017-1156", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "WebSphere Portal", - "version" : { - "version_data" : [ - { - "version_value" : "8.5, 9.0" - } - ] - } - } - ] - }, - "vendor_name" : "IBM Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM WebSphere Portal 8.5 and 9.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force. 
ID: 122592" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Access" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2017-1156", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebSphere Portal", + "version": { + "version_data": [ + { + "version_value": "8.5, 9.0" + } + ] + } + } + ] + }, + "vendor_name": "IBM Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22000153", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22000153" - }, - { - "name" : "98340", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98340" - }, - { - "name" : "1038390", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038390" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM WebSphere Portal 8.5 and 9.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force. 
ID: 122592" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Gain Access" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22000153", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22000153" + }, + { + "name": "1038390", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038390" + }, + { + "name": "98340", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98340" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1585.json b/2017/1xxx/CVE-2017-1585.json index a56f01af3d3..7e2f37b0f3d 100644 --- a/2017/1xxx/CVE-2017-1585.json +++ b/2017/1xxx/CVE-2017-1585.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1585", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1585", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1594.json b/2017/1xxx/CVE-2017-1594.json index 4bb86a4c9c2..46e71ae8e9a 100644 --- a/2017/1xxx/CVE-2017-1594.json 
+++ b/2017/1xxx/CVE-2017-1594.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1594", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1594", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1958.json b/2017/1xxx/CVE-2017-1958.json index ad1204bf91b..1437c83d558 100644 --- a/2017/1xxx/CVE-2017-1958.json +++ b/2017/1xxx/CVE-2017-1958.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1958", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-1958", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5459.json b/2017/5xxx/CVE-2017-5459.json index 30e1fbf1e3f..bb412db3659 100644 --- a/2017/5xxx/CVE-2017-5459.json +++ b/2017/5xxx/CVE-2017-5459.json 
@@ -1,139 +1,139 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2017-5459", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Thunderbird", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "52.1" - } - ] - } - }, - { - "product_name" : "Firefox ESR", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "45.9" - }, - { - "version_affected" : "<", - "version_value" : "52.1" - } - ] - } - }, - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "53" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A buffer overflow in WebGL triggerable by web content, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in WebGL" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2017-5459", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "52.1" + } + ] + } + }, + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "45.9" + }, + { + "version_affected": "<", + "version_value": "52.1" + } + ] + } + }, + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "53" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1333858", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1333858" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-10/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-10/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-11/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-11/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-12/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-12/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-13/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-13/" - }, - { - "name" : "DSA-3831", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-3831" - }, - { - "name" : "RHSA-2017:1104", - "refsource" : "REDHAT", - "url" : 
"https://access.redhat.com/errata/RHSA-2017:1104" - }, - { - "name" : "RHSA-2017:1106", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1106" - }, - { - "name" : "RHSA-2017:1201", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1201" - }, - { - "name" : "97940", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97940" - }, - { - "name" : "1038320", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038320" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A buffer overflow in WebGL triggerable by web content, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer overflow in WebGL" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2017:1106", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1106" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-12/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-12/" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-11/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-11/" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-10/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-10/" + }, + { + "name": "97940", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97940" + }, + { + "name": "DSA-3831", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-3831" + }, + { + "name": 
"https://www.mozilla.org/security/advisories/mfsa2017-13/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-13/" + }, + { + "name": "1038320", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038320" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1333858", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1333858" + }, + { + "name": "RHSA-2017:1104", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1104" + }, + { + "name": "RHSA-2017:1201", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1201" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5518.json b/2017/5xxx/CVE-2017-5518.json index 8b667418cd8..3744dc597e5 100644 --- a/2017/5xxx/CVE-2017-5518.json +++ b/2017/5xxx/CVE-2017-5518.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5518", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The media-file upload feature in GeniXCMS through 0.0.8 allows remote attackers to conduct SSRF attacks via a URL, as demonstrated by a URL with an intranet IP address." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5518", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/semplon/GeniXCMS/issues/64", - "refsource" : "CONFIRM", - "url" : "https://github.com/semplon/GeniXCMS/issues/64" - }, - { - "name" : "95462", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95462" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The media-file upload feature in GeniXCMS through 0.0.8 allows remote attackers to conduct SSRF attacks via a URL, as demonstrated by a URL with an intranet IP address." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95462", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95462" + }, + { + "name": "https://github.com/semplon/GeniXCMS/issues/64", + "refsource": "CONFIRM", + "url": "https://github.com/semplon/GeniXCMS/issues/64" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5655.json b/2017/5xxx/CVE-2017-5655.json index 4d9447dea96..5688dc8b29a 100644 --- a/2017/5xxx/CVE-2017-5655.json +++ b/2017/5xxx/CVE-2017-5655.json 
@@ -1,70 +1,70 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "ID" : "CVE-2017-5655", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache Ambari", - "version" : { - "version_data" : [ - { - "version_value" : "2.2.2 through 2.4.2" - }, - { - "version_value" : "2.5.0" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Ambari 2.2.2 through 2.4.2 and Ambari 2.5.0, sensitive data may be stored on disk in temporary files on the Ambari Server host. The temporary files are readable by any user authenticated on the host." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "exposure of sensitive data" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "ID": "CVE-2017-5655", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache Ambari", + "version": { + "version_data": [ + { + "version_value": "2.2.2 through 2.4.2" + }, + { + "version_value": "2.5.0" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://cwiki.apache.org/confluence/display/AMBARI/Ambari+Vulnerabilities#AmbariVulnerabilities-FixedinAmbari2.4.3", - "refsource" : "CONFIRM", - "url" : "https://cwiki.apache.org/confluence/display/AMBARI/Ambari+Vulnerabilities#AmbariVulnerabilities-FixedinAmbari2.4.3" - }, - { - "name" : "https://cwiki.apache.org/confluence/display/AMBARI/Ambari+Vulnerabilities#AmbariVulnerabilities-FixedinAmbari2.5.1", - "refsource" : "CONFIRM", - "url" : 
"https://cwiki.apache.org/confluence/display/AMBARI/Ambari+Vulnerabilities#AmbariVulnerabilities-FixedinAmbari2.5.1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Ambari 2.2.2 through 2.4.2 and Ambari 2.5.0, sensitive data may be stored on disk in temporary files on the Ambari Server host. The temporary files are readable by any user authenticated on the host." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "exposure of sensitive data" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://cwiki.apache.org/confluence/display/AMBARI/Ambari+Vulnerabilities#AmbariVulnerabilities-FixedinAmbari2.4.3", + "refsource": "CONFIRM", + "url": "https://cwiki.apache.org/confluence/display/AMBARI/Ambari+Vulnerabilities#AmbariVulnerabilities-FixedinAmbari2.4.3" + }, + { + "name": "https://cwiki.apache.org/confluence/display/AMBARI/Ambari+Vulnerabilities#AmbariVulnerabilities-FixedinAmbari2.5.1", + "refsource": "CONFIRM", + "url": "https://cwiki.apache.org/confluence/display/AMBARI/Ambari+Vulnerabilities#AmbariVulnerabilities-FixedinAmbari2.5.1" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5986.json b/2017/5xxx/CVE-2017-5986.json index ddec9656db6..5e084f1c67c 100644 --- a/2017/5xxx/CVE-2017-5986.json +++ b/2017/5xxx/CVE-2017-5986.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5986", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c in the Linux kernel before 4.9.11 allows local users to cause a denial of service (assertion failure and panic) via a multithreaded application that peels off an association in a certain buffer-full state." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5986", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20170214 Re: Linux kernel: Reachable BUG_ON from userspace in sctp_wait_for_sndbuf()", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/02/14/6" - }, - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2dcab598484185dea7ec22219c76dcdd59e3cb90", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2dcab598484185dea7ec22219c76dcdd59e3cb90" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.11", - "refsource" : "CONFIRM", - "url" : 
"http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.11" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1420276", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1420276" - }, - { - "name" : "https://github.com/torvalds/linux/commit/2dcab598484185dea7ec22219c76dcdd59e3cb90", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/2dcab598484185dea7ec22219c76dcdd59e3cb90" - }, - { - "name" : "DSA-3804", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3804" - }, - { - "name" : "RHSA-2017:1308", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1308" - }, - { - "name" : "96222", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96222" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c in the Linux kernel before 4.9.11 allows local users to cause a denial of service (assertion failure and panic) via a multithreaded application that peels off an association in a certain buffer-full state." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2017:1308", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1308" + }, + { + "name": "https://github.com/torvalds/linux/commit/2dcab598484185dea7ec22219c76dcdd59e3cb90", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/2dcab598484185dea7ec22219c76dcdd59e3cb90" + }, + { + "name": "[oss-security] 20170214 Re: Linux kernel: Reachable BUG_ON from userspace in sctp_wait_for_sndbuf()", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/02/14/6" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2dcab598484185dea7ec22219c76dcdd59e3cb90", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2dcab598484185dea7ec22219c76dcdd59e3cb90" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1420276", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1420276" + }, + { + "name": "96222", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96222" + }, + { + "name": "DSA-3804", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3804" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.11", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.11" + } + ] + } +} \ No newline at end of file