From c41270b6c2d172f2859ddbdd2d6c94bed9c87363 Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Mon, 18 Mar 2019 01:23:58 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2006/2xxx/CVE-2006-2203.json | 150 ++++-----
2006/2xxx/CVE-2006-2222.json | 180 +++++------
2006/2xxx/CVE-2006-2354.json | 140 ++++----
2006/2xxx/CVE-2006-2699.json | 190 +++++------
2006/2xxx/CVE-2006-2738.json | 190 +++++------
2006/2xxx/CVE-2006-2966.json | 150 ++++-----
2006/3xxx/CVE-2006-3211.json | 170 +++++-----
2006/3xxx/CVE-2006-3571.json | 200 ++++++------
2006/3xxx/CVE-2006-3673.json | 170 +++++-----
2006/3xxx/CVE-2006-3740.json | 500 ++++++++++++++---------------
2006/3xxx/CVE-2006-3778.json | 160 ++++-----
2006/6xxx/CVE-2006-6718.json | 120 +++----
2006/6xxx/CVE-2006-6781.json | 150 ++++-----
2006/7xxx/CVE-2006-7219.json | 140 ++++----
2011/0xxx/CVE-2011-0321.json | 190 +++++------
2011/0xxx/CVE-2011-0335.json | 130 ++++----
2011/0xxx/CVE-2011-0640.json | 140 ++++----
2011/0xxx/CVE-2011-0782.json | 140 ++++----
2011/1xxx/CVE-2011-1240.json | 220 ++++++-------
2011/1xxx/CVE-2011-1922.json | 180 +++++------
2011/3xxx/CVE-2011-3167.json | 150 ++++-----
2011/3xxx/CVE-2011-3493.json | 130 ++++----
2011/3xxx/CVE-2011-3897.json | 230 ++++++-------
2011/4xxx/CVE-2011-4309.json | 140 ++++----
2011/4xxx/CVE-2011-4482.json | 34 +-
2011/4xxx/CVE-2011-4583.json | 140 ++++----
2011/4xxx/CVE-2011-4742.json | 130 ++++----
2011/4xxx/CVE-2011-4853.json | 130 ++++----
2013/1xxx/CVE-2013-1964.json | 190 +++++------
2013/5xxx/CVE-2013-5077.json | 34 +-
2013/5xxx/CVE-2013-5612.json | 270 ++++++++--------
2013/5xxx/CVE-2013-5996.json | 150 ++++-----
2014/2xxx/CVE-2014-2065.json | 140 ++++----
2014/2xxx/CVE-2014-2286.json | 180 +++++------
2014/2xxx/CVE-2014-2405.json | 140 ++++----
2014/2xxx/CVE-2014-2558.json | 150 ++++-----
2014/2xxx/CVE-2014-2916.json | 150 ++++-----
2014/6xxx/CVE-2014-6306.json | 34 +-
2014/6xxx/CVE-2014-6719.json | 140 ++++----
2014/6xxx/CVE-2014-6784.json | 140 ++++----
2014/6xxx/CVE-2014-6841.json | 140 ++++----
2014/6xxx/CVE-2014-6925.json | 140 ++++----
2014/7xxx/CVE-2014-7935.json | 210 ++++++------
2017/0xxx/CVE-2017-0187.json | 34 +-
2017/0xxx/CVE-2017-0260.json | 140 ++++----
2017/0xxx/CVE-2017-0476.json | 158 ++++-----
2017/0xxx/CVE-2017-0527.json | 146 ++++-----
2017/0xxx/CVE-2017-0868.json | 34 +-
2017/1000xxx/CVE-2017-1000191.json | 124 +++----
2017/18xxx/CVE-2017-18331.json | 130 ++++----
2017/1xxx/CVE-2017-1021.json | 34 +-
2017/1xxx/CVE-2017-1135.json | 34 +-
2017/1xxx/CVE-2017-1280.json | 288 ++++++++---------
2017/1xxx/CVE-2017-1578.json | 34 +-
2017/4xxx/CVE-2017-4020.json | 34 +-
2017/4xxx/CVE-2017-4895.json | 140 ++++----
2017/5xxx/CVE-2017-5207.json | 170 +++++-----
2017/5xxx/CVE-2017-5839.json | 190 +++++------
58 files changed, 4296 insertions(+), 4296 deletions(-)
diff --git a/2006/2xxx/CVE-2006-2203.json b/2006/2xxx/CVE-2006-2203.json
index 9dc716c148b..f33ab4ae87a 100644
--- a/2006/2xxx/CVE-2006-2203.json
+++ b/2006/2xxx/CVE-2006-2203.json
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2203", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Kerio MailServer before 6.1.4 has unknown impact and remote attack vectors related to a \"possible bypass of attachment filter.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2203", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.kerio.com/kms_history.html", - "refsource" : "CONFIRM", - "url" : "http://www.kerio.com/kms_history.html" - }, - { - "name" : "ADV-2006-1610", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1610" - }, - { - "name" : "19875", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19875" - }, - { - "name" : "kerio-mailserver-attachment-bypass(26170)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26170" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Kerio MailServer before 6.1.4 has unknown impact and remote 
attack vectors related to a \"possible bypass of attachment filter.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-1610", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1610" + }, + { + "name": "19875", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19875" + }, + { + "name": "kerio-mailserver-attachment-bypass(26170)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26170" + }, + { + "name": "http://www.kerio.com/kms_history.html", + "refsource": "CONFIRM", + "url": "http://www.kerio.com/kms_history.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2222.json b/2006/2xxx/CVE-2006-2222.json index 0b37c1f8a3c..6ea8d8df1bc 100644 --- a/2006/2xxx/CVE-2006-2222.json +++ b/2006/2xxx/CVE-2006-2222.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2222", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in zawhttpd 0.8.23, and possibly previous versions, allows remote attackers to cause a denial of service (daemon crash) via a request for a URI composed of several \"\\\" (backslash) characters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2222", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060502 zawhttpd - Buffer Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/432955/100/0/threaded" - }, - { - "name" : "http://www.securiteam.com/exploits/5OP0315IKK.html", - "refsource" : "MISC", - "url" : "http://www.securiteam.com/exploits/5OP0315IKK.html" - }, - { - "name" : "17814", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17814" - }, - { - "name" : "25671", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25671" - }, - { - "name" : "1016030", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016030" - }, - { - "name" : "852", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/852" - 
}, - { - "name" : "zawhttpd-get-dos(26257)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26257" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in zawhttpd 0.8.23, and possibly previous versions, allows remote attackers to cause a denial of service (daemon crash) via a request for a URI composed of several \"\\\" (backslash) characters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "25671", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25671" + }, + { + "name": "http://www.securiteam.com/exploits/5OP0315IKK.html", + "refsource": "MISC", + "url": "http://www.securiteam.com/exploits/5OP0315IKK.html" + }, + { + "name": "1016030", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016030" + }, + { + "name": "zawhttpd-get-dos(26257)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26257" + }, + { + "name": "20060502 zawhttpd - Buffer Overflow", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/432955/100/0/threaded" + }, + { + "name": "852", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/852" + }, + { + "name": "17814", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17814" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2354.json b/2006/2xxx/CVE-2006-2354.json index 9c45ddbb269..ca150fd1f83 100644 --- a/2006/2xxx/CVE-2006-2354.json +++ b/2006/2xxx/CVE-2006-2354.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2354", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NmConsole/Login.asp in Ipswitch WhatsUp Professional 2006 and Ipswitch WhatsUp Professional 2006 Premium generates different error messages in a way that allows remote attackers to enumerate valid usernames. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2354", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "25476", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25476" - }, - { - "name" : "20075", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20075" - }, - { - "name" : "whatsup-login-username-enumeration(26503)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26503" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NmConsole/Login.asp in Ipswitch WhatsUp Professional 2006 and Ipswitch WhatsUp Professional 2006 
Premium generates different error messages in a way that allows remote attackers to enumerate valid usernames. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "25476", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25476" + }, + { + "name": "20075", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20075" + }, + { + "name": "whatsup-login-username-enumeration(26503)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26503" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2699.json b/2006/2xxx/CVE-2006-2699.json index d9538c1a00f..e7fb8084423 100644 --- a/2006/2xxx/CVE-2006-2699.json +++ b/2006/2xxx/CVE-2006-2699.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2699", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in getimage.php in Geeklog 1.4.0sr2 and earlier allows remote attackers to inject arbitrary HTML or web script via the image argument in a show action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2699", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060529 [KAPDA::#45] - geeklog multiple vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/435295/100/0/threaded" - }, - { - "name" : "http://kapda.ir/advisory-336.html", - "refsource" : "MISC", - "url" : "http://kapda.ir/advisory-336.html" - }, - { - "name" : "http://www.geeklog.net/index.php?topic=Security", - "refsource" : "CONFIRM", - "url" : "http://www.geeklog.net/index.php?topic=Security" - }, - { - "name" : "18154", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18154" - }, - { - "name" : "ADV-2006-2050", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2050" - }, - { - "name" : "20316", - "refsource" : "SECUNIA", - "url" 
: "http://secunia.com/advisories/20316" - }, - { - "name" : "993", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/993" - }, - { - "name" : "geeklog-getimage-xss(26862)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26862" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in getimage.php in Geeklog 1.4.0sr2 and earlier allows remote attackers to inject arbitrary HTML or web script via the image argument in a show action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.geeklog.net/index.php?topic=Security", + "refsource": "CONFIRM", + "url": "http://www.geeklog.net/index.php?topic=Security" + }, + { + "name": "993", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/993" + }, + { + "name": "20060529 [KAPDA::#45] - geeklog multiple vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/435295/100/0/threaded" + }, + { + "name": "ADV-2006-2050", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2050" + }, + { + "name": "geeklog-getimage-xss(26862)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26862" + }, + { + "name": "http://kapda.ir/advisory-336.html", + "refsource": "MISC", + "url": "http://kapda.ir/advisory-336.html" + }, + { + "name": "20316", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20316" + }, + { + "name": "18154", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18154" + } + ] + } +} \ No newline at end of file 
diff --git a/2006/2xxx/CVE-2006-2738.json b/2006/2xxx/CVE-2006-2738.json
index 79ec2e0044b..afc9aec5f18 100644
--- a/2006/2xxx/CVE-2006-2738.json
+++ b/2006/2xxx/CVE-2006-2738.json
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2738", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The open source version of Open-Xchange 0.8.2 and earlier uses a static default username and password with a valid login shell in the initfile for the ldap-server, which allows remote attackers to access any server where the default has not been changed." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2738", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060526 Wavecon Advisory: Open-Xchange <= 0.8.2 defaultuser with /bin/bash and default password", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/435198/100/0/threaded" - }, - { - "name" : "http://www.golem.de/0605/45407.html", - "refsource" : "MISC", - "url" : "http://www.golem.de/0605/45407.html" - }, - { - "name" : "http://www.open-xchange.org/bugzilla/show_bug.cgi?id=2815", - "refsource" : "CONFIRM", - "url" : "http://www.open-xchange.org/bugzilla/show_bug.cgi?id=2815" - }, - { - "name" : "18115", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18115" - }, - { - "name" : "ADV-2006-2037", - "refsource" : "VUPEN", 
- "url" : "http://www.vupen.com/english/advisories/2006/2037" - }, - { - "name" : "20323", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20323" - }, - { - "name" : "1012", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1012" - }, - { - "name" : "openxchange-ldap-default-account(26761)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26761" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The open source version of Open-Xchange 0.8.2 and earlier uses a static default username and password with a valid login shell in the initfile for the ldap-server, which allows remote attackers to access any server where the default has not been changed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.open-xchange.org/bugzilla/show_bug.cgi?id=2815", + "refsource": "CONFIRM", + "url": "http://www.open-xchange.org/bugzilla/show_bug.cgi?id=2815" + }, + { + "name": "18115", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18115" + }, + { + "name": "20060526 Wavecon Advisory: Open-Xchange <= 0.8.2 defaultuser with /bin/bash and default password", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/435198/100/0/threaded" + }, + { + "name": "ADV-2006-2037", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2037" + }, + { + "name": "20323", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20323" + }, + { + "name": "openxchange-ldap-default-account(26761)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26761" + }, + { + "name": "1012", + "refsource": "SREASON", + "url": 
"http://securityreason.com/securityalert/1012" + }, + { + "name": "http://www.golem.de/0605/45407.html", + "refsource": "MISC", + "url": "http://www.golem.de/0605/45407.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2966.json b/2006/2xxx/CVE-2006-2966.json index b05b1cf021a..d466466ee56 100644 --- a/2006/2xxx/CVE-2006-2966.json +++ b/2006/2xxx/CVE-2006-2966.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2966", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Particle Soft Particle Wiki 1.0.2 allows remote attackers to inject arbitrary web script or HTML via a BR element with an extraneous IMG tag and a STYLE attribute that contains \"/**/\" comment sequences, which bypasses the XSS protection scheme." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2966", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060606 ParticleSoft Wiki v1.0.2", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/436121/100/0/threaded" - }, - { - "name" : "ADV-2006-2170", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2170" - }, - { - "name" : "1070", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1070" - }, - { - "name" : "particlewiki-edit-xss(26952)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26952" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Particle Soft Particle Wiki 1.0.2 allows remote attackers to inject arbitrary web script or HTML via a BR element with an extraneous IMG tag and a STYLE attribute that contains \"/**/\" comment sequences, which bypasses the XSS protection scheme." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1070", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1070" + }, + { + "name": "ADV-2006-2170", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2170" + }, + { + "name": "20060606 ParticleSoft Wiki v1.0.2", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/436121/100/0/threaded" + }, + { + "name": "particlewiki-edit-xss(26952)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26952" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3211.json b/2006/3xxx/CVE-2006-3211.json index 5ebbeddee44..ae2d191989f 100644 --- a/2006/3xxx/CVE-2006-3211.json +++ b/2006/3xxx/CVE-2006-3211.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3211", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in sign.php in cjGuestbook 1.3 and earlier allows remote attackers to inject Javascript code via a javascript URI in an img bbcode tag in the comments parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3211", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060620 cjGuestbook v1.3 - XSS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/438008/100/0/threaded" - }, - { - "name" : "18556", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18556" - }, - { - "name" : "ADV-2006-2488", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2488" - }, - { - "name" : "20751", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20751" - }, - { - "name" : "1141", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1141" - }, - { - "name" : "cjguestbook-comments-xss(27322)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27322" 
- } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in sign.php in cjGuestbook 1.3 and earlier allows remote attackers to inject Javascript code via a javascript URI in an img bbcode tag in the comments parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-2488", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2488" + }, + { + "name": "20751", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20751" + }, + { + "name": "1141", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1141" + }, + { + "name": "18556", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18556" + }, + { + "name": "20060620 cjGuestbook v1.3 - XSS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/438008/100/0/threaded" + }, + { + "name": "cjguestbook-comments-xss(27322)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27322" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3571.json b/2006/3xxx/CVE-2006-3571.json index d7dbef60433..bbcb8b31cf4 100644 --- a/2006/3xxx/CVE-2006-3571.json +++ b/2006/3xxx/CVE-2006-3571.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3571", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in interna/hilfe.php in Papoo 3 RC3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) titel or (2) ausgabe parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3571", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060707 PAPOO <=3RC3 sql injection / admin credentials disclosure", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/439518/100/0/threaded" - }, - { - "name" : "1993", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/1993" - }, - { - "name" : "18895", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18895" - }, - { - "name" : "ADV-2006-2713", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2713" - }, - { - "name" : "27117", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27117" - }, - { - "name" : "1016461", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016461" - }, - { - 
"name" : "20978", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20978" - }, - { - "name" : "1217", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1217" - }, - { - "name" : "papoo-internahilfe-xss(27639)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27639" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in interna/hilfe.php in Papoo 3 RC3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) titel or (2) ausgabe parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-2713", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2713" + }, + { + "name": "20978", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20978" + }, + { + "name": "1016461", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016461" + }, + { + "name": "18895", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18895" + }, + { + "name": "20060707 PAPOO <=3RC3 sql injection / admin credentials disclosure", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/439518/100/0/threaded" + }, + { + "name": "papoo-internahilfe-xss(27639)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27639" + }, + { + "name": "27117", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27117" + }, + { + "name": "1217", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1217" + }, + { + "name": "1993", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/1993" + } + ] + } +} \ No newline 
at end of file
diff --git a/2006/3xxx/CVE-2006-3673.json b/2006/3xxx/CVE-2006-3673.json
index 05de976108e..78e04634c37 100644
--- a/2006/3xxx/CVE-2006-3673.json
+++ b/2006/3xxx/CVE-2006-3673.json
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3673", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "nNetObject.cpp in Armagetron Advanced 2.8.2 and earlier allows remote attackers to cause a denial of service (application crash) via a large owner value, which causes an assert error." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3673", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://aluigi.altervista.org/adv/atrondos-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/atrondos-adv.txt" - }, - { - "name" : "19015", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19015" - }, - { - "name" : "ADV-2006-2836", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2836" - }, - { - "name" : "21093", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21093" - }, - { - "name" : "1239", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1239" - }, - { - "name" : "armagetron-nnetobject-dos(27787)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27787" - } - ] - } -} 
+ } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "nNetObject.cpp in Armagetron Advanced 2.8.2 and earlier allows remote attackers to cause a denial of service (application crash) via a large owner value, which causes an assert error." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1239", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1239" + }, + { + "name": "armagetron-nnetobject-dos(27787)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27787" + }, + { + "name": "21093", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21093" + }, + { + "name": "ADV-2006-2836", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2836" + }, + { + "name": "http://aluigi.altervista.org/adv/atrondos-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/atrondos-adv.txt" + }, + { + "name": "19015", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19015" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3740.json b/2006/3xxx/CVE-2006-3740.json index 3425dbcf1be..82ebc3fb206 100644 --- a/2006/3xxx/CVE-2006-3740.json +++ b/2006/3xxx/CVE-2006-3740.json 
@@ -1,252 +1,252 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3740", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the scan_cidfont function in X.Org 6.8.2 and XFree86 X server allows local users to execute arbitrary code via crafted (1) CMap and (2) CIDFont font data with modified item counts in the (a) begincodespacerange, (b) cidrange, and (c) notdefrange sections." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2006-3740", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060912 Multiple Vendor X Server CID-keyed Fonts 'scan_cidfont()' Integer Overflow Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=411" - }, - { - "name" : "20060912 rPSA-2006-0167-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/445812/100/0/threaded" - }, - { - "name" : "20070330 VMSA-2007-0002 VMware ESX security updates", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/464268/100/0/threaded" - }, - { - "name" : 
"http://support.avaya.com/elmodocs2/security/ASA-2006-190.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-190.htm" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-191.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-191.htm" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-614", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-614" - }, - { - "name" : "http://www.vmware.com/support/esx25/doc/esx-254-200702-patch.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/support/esx25/doc/esx-254-200702-patch.html" - }, - { - "name" : "DSA-1193", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1193" - }, - { - "name" : "GLSA-200609-07", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200609-07.xml" - }, - { - "name" : "MDKSA-2006:164", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:164" - }, - { - "name" : "RHSA-2006:0665", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0665.html" - }, - { - "name" : "RHSA-2006:0666", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0666.html" - }, - { - "name" : "102780", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102780-1" - }, - { - "name" : "SUSE-SR:2006:023", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_23_sr.html" - }, - { - "name" : "USN-344-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-344-1" - }, - { - "name" : "19974", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19974" - }, - { - "name" : "oval:org.mitre.oval:def:9454", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9454" 
- }, - { - "name" : "ADV-2006-3581", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3581" - }, - { - "name" : "ADV-2006-3582", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3582" - }, - { - "name" : "ADV-2007-0322", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0322" - }, - { - "name" : "ADV-2007-1171", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1171" - }, - { - "name" : "1016828", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016828" - }, - { - "name" : "21864", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21864" - }, - { - "name" : "21889", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21889" - }, - { - "name" : "21890", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21890" - }, - { - "name" : "21894", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21894" - }, - { - "name" : "21900", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21900" - }, - { - "name" : "21904", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21904" - }, - { - "name" : "21908", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21908" - }, - { - "name" : "21924", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21924" - }, - { - "name" : "22141", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22141" - }, - { - "name" : "22332", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22332" - }, - { - "name" : "22560", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22560" - }, - { - "name" : "23033", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23033" - }, - { - "name" : "22080", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22080" - }, - { - "name" : "23899", - "refsource" 
: "SECUNIA", - "url" : "http://secunia.com/advisories/23899" - }, - { - "name" : "23907", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23907" - }, - { - "name" : "24636", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24636" - }, - { - "name" : "xorg-server-scancidfont-overflow(28890)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28890" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the scan_cidfont function in X.Org 6.8.2 and XFree86 X server allows local users to execute arbitrary code via crafted (1) CMap and (2) CIDFont font data with modified item counts in the (a) begincodespacerange, (b) cidrange, and (c) notdefrange sections." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "23907", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23907" + }, + { + "name": "RHSA-2006:0666", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0666.html" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-191.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-191.htm" + }, + { + "name": "21900", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21900" + }, + { + "name": "MDKSA-2006:164", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:164" + }, + { + "name": "21904", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21904" + }, + { + "name": "SUSE-SR:2006:023", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_23_sr.html" + }, + { + "name": "21864", + "refsource": "SECUNIA", + 
"url": "http://secunia.com/advisories/21864" + }, + { + "name": "21894", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21894" + }, + { + "name": "USN-344-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-344-1" + }, + { + "name": "21889", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21889" + }, + { + "name": "21908", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21908" + }, + { + "name": "RHSA-2006:0665", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0665.html" + }, + { + "name": "22141", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22141" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-190.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-190.htm" + }, + { + "name": "ADV-2007-1171", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1171" + }, + { + "name": "DSA-1193", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1193" + }, + { + "name": "22080", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22080" + }, + { + "name": "https://issues.rpath.com/browse/RPL-614", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-614" + }, + { + "name": "http://www.vmware.com/support/esx25/doc/esx-254-200702-patch.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/support/esx25/doc/esx-254-200702-patch.html" + }, + { + "name": "22332", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22332" + }, + { + "name": "22560", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22560" + }, + { + "name": "20070330 VMSA-2007-0002 VMware ESX security updates", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/464268/100/0/threaded" + }, + { + "name": "23033", + "refsource": "SECUNIA", + "url": 
"http://secunia.com/advisories/23033" + }, + { + "name": "20060912 rPSA-2006-0167-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/445812/100/0/threaded" + }, + { + "name": "20060912 Multiple Vendor X Server CID-keyed Fonts 'scan_cidfont()' Integer Overflow Vulnerability", + "refsource": "IDEFENSE", + "url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=411" + }, + { + "name": "oval:org.mitre.oval:def:9454", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9454" + }, + { + "name": "GLSA-200609-07", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200609-07.xml" + }, + { + "name": "102780", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102780-1" + }, + { + "name": "24636", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24636" + }, + { + "name": "ADV-2007-0322", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0322" + }, + { + "name": "21890", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21890" + }, + { + "name": "19974", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19974" + }, + { + "name": "1016828", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016828" + }, + { + "name": "ADV-2006-3581", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3581" + }, + { + "name": "21924", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21924" + }, + { + "name": "ADV-2006-3582", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3582" + }, + { + "name": "23899", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23899" + }, + { + "name": "xorg-server-scancidfont-overflow(28890)", + "refsource": "XF", + "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/28890" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3778.json b/2006/3xxx/CVE-2006-3778.json index 510e5098120..89fcbf72a0b 100644 --- a/2006/3xxx/CVE-2006-3778.json +++ b/2006/3xxx/CVE-2006-3778.json 
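Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `cve@mitre.org` to `secalert@redhat.com` in this hunk, and as far as I can tell it is the only value change among 252 lines that otherwise respace keys (`"name" : ` becomes `"name": `) and reorder `reference_data`. Anything that attributes or filters records by assigning CNA will see this record move, so the reassignment should be visible: land it separately from the formatting pass, or name it in the commit message, which currently says only "-Synchronized-Data.". The same applies to the hunks for CVE-2011-0321 (`security_alert@emc.com`) and CVE-2011-0335 (`PSIRT-CNA@flexerasoftware.com`). The new reference order does not look sorted from here; a stable order would keep later syncs from rewriting the whole array and hiding changes like this one.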
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3778", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Lotus Notes 6.0, 6.5, and 7.0 does not properly handle replies to e-mail messages with alternate name users when the (1) \"Save As Draft\" option is used or (2) a \",\" (comma) is inside the \"phrase\" portion of an address, which can cause the e-mail to be sent to users that were deleted from the To, CC, and BCC fields, which allows remote attackers to obtain the list of original recipients." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3778", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-1.ibm.com/support/docview.wss?rs=899&uid=swg21240386", - "refsource" : "CONFIRM", - "url" : "http://www-1.ibm.com/support/docview.wss?rs=899&uid=swg21240386" - }, - { - "name" : "http://www-1.ibm.com/support/docview.wss?rs=475&uid=swg21243602", - "refsource" : "CONFIRM", - "url" : "http://www-1.ibm.com/support/docview.wss?rs=475&uid=swg21243602" - }, - { - "name" : "1016516", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016516" - }, - { - "name" : "1016819", - "refsource" : "SECTRACK", - 
"url" : "http://securitytracker.com/id?1016819" - }, - { - "name" : "21096", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21096" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Lotus Notes 6.0, 6.5, and 7.0 does not properly handle replies to e-mail messages with alternate name users when the (1) \"Save As Draft\" option is used or (2) a \",\" (comma) is inside the \"phrase\" portion of an address, which can cause the e-mail to be sent to users that were deleted from the To, CC, and BCC fields, which allows remote attackers to obtain the list of original recipients." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1016516", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016516" + }, + { + "name": "http://www-1.ibm.com/support/docview.wss?rs=475&uid=swg21243602", + "refsource": "CONFIRM", + "url": "http://www-1.ibm.com/support/docview.wss?rs=475&uid=swg21243602" + }, + { + "name": "1016819", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016819" + }, + { + "name": "http://www-1.ibm.com/support/docview.wss?rs=899&uid=swg21240386", + "refsource": "CONFIRM", + "url": "http://www-1.ibm.com/support/docview.wss?rs=899&uid=swg21240386" + }, + { + "name": "21096", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21096" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6718.json b/2006/6xxx/CVE-2006-6718.json index cbe72ee1db3..88be2fb0390 100644 --- a/2006/6xxx/CVE-2006-6718.json +++ b/2006/6xxx/CVE-2006-6718.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6718", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Allied Telesis AT-9000/24 Ethernet switch has a default password for its admin account, \"manager,\" which allows remote attackers to perform unauthorized actions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6718", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061216 Allied Telesis AT-9000/24 Ethernet switch management can be accessed from all VLANs.", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/454630/100/0/threaded" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Allied Telesis AT-9000/24 Ethernet switch has a default password for its admin account, \"manager,\" which allows remote attackers to perform unauthorized actions." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20061216 Allied Telesis AT-9000/24 Ethernet switch management can be accessed from all VLANs.", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/454630/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6781.json b/2006/6xxx/CVE-2006-6781.json index ee646eec86e..e736fcca610 100644 --- a/2006/6xxx/CVE-2006-6781.json +++ b/2006/6xxx/CVE-2006-6781.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6781", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "HLstats 1.20 through 1.34 allows remote attackers to obtain sensitive information via playinfo mode, with certain values of the player and playerdata[lastName][] parameters, which reveals the path in an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6781", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061225 HLStats Remote SQL Injection Exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/455305/100/0/threaded" - }, - { - "name" : "3002", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/3002" - }, - { - "name" : "21740", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21740" - }, - { - "name" : "2064", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2064" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HLstats 1.20 through 1.34 allows remote attackers to obtain 
sensitive information via playinfo mode, with certain values of the player and playerdata[lastName][] parameters, which reveals the path in an error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3002", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/3002" + }, + { + "name": "2064", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2064" + }, + { + "name": "20061225 HLStats Remote SQL Injection Exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/455305/100/0/threaded" + }, + { + "name": "21740", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21740" + } + ] + } +} \ No newline at end of file diff --git a/2006/7xxx/CVE-2006-7219.json b/2006/7xxx/CVE-2006-7219.json index ffa2233322a..cf7322b8ea7 100644 --- a/2006/7xxx/CVE-2006-7219.json +++ b/2006/7xxx/CVE-2006-7219.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-7219", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "eZ publish before 3.8.5 does not properly enforce permissions for editing in a specific language, which allows remote authenticated users to create a draft in an unauthorized language by editing an archived version of an object, and then using Manage Versions to copy this version to a new draft." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-7219", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://ez.no/download/ez_publish/changelogs/ez_publish_3_8/changelog_3_8_4_to_3_8_5", - "refsource" : "CONFIRM", - "url" : "http://ez.no/download/ez_publish/changelogs/ez_publish_3_8/changelog_3_8_4_to_3_8_5" - }, - { - "name" : "http://ez.no/download/ez_publish/changelogs/ez_publish_3_9/changelog_3_8_0_to_3_9_0", - "refsource" : "CONFIRM", - "url" : "http://ez.no/download/ez_publish/changelogs/ez_publish_3_9/changelog_3_8_0_to_3_9_0" - }, - { - "name" : "http://issues.ez.no/8795", - "refsource" : "CONFIRM", - "url" : "http://issues.ez.no/8795" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "eZ publish before 3.8.5 does not properly enforce permissions for editing in a specific language, which allows remote authenticated users to create a draft in an unauthorized language by editing an archived version of an object, and then using Manage Versions to copy this version to a new draft." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://ez.no/download/ez_publish/changelogs/ez_publish_3_8/changelog_3_8_4_to_3_8_5", + "refsource": "CONFIRM", + "url": "http://ez.no/download/ez_publish/changelogs/ez_publish_3_8/changelog_3_8_4_to_3_8_5" + }, + { + "name": "http://issues.ez.no/8795", + "refsource": "CONFIRM", + "url": "http://issues.ez.no/8795" + }, + { + "name": "http://ez.no/download/ez_publish/changelogs/ez_publish_3_9/changelog_3_8_0_to_3_9_0", + "refsource": "CONFIRM", + "url": "http://ez.no/download/ez_publish/changelogs/ez_publish_3_9/changelog_3_8_0_to_3_9_0" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0321.json b/2011/0xxx/CVE-2011-0321.json index aef283239a7..0f6d706b214 100644 --- a/2011/0xxx/CVE-2011-0321.json +++ b/2011/0xxx/CVE-2011-0321.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0321", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "librpc.dll in nsrexecd in EMC NetWorker before 7.5 SP4, 7.5.3.x before 7.5.3.5, and 7.6.x before 7.6.1.2 does not properly mitigate the possibility of a spoofed localhost source IP address, which allows remote attackers to (1) register or (2) unregister RPC services, and consequently cause a denial of service or obtain sensitive information from interprocess communication, via crafted UDP packets containing service commands." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2011-0321", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110126 ESA-2011-003: EMC NetWorker librpc.dll spoofing vulnerability.", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2011-01/0162.html" - }, - { - "name" : "http://archives.neohapsis.com/archives/bugtraq/2011-01/att-0162/ESA-2011-003.txt", - "refsource" : "CONFIRM", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2011-01/att-0162/ESA-2011-003.txt" - }, - { - "name" : "46044", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/46044" - }, - { - "name" : "70686", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/70686" - }, - { - "name" : "1025010", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1025010" - }, - { - "name" : "43113", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43113" - }, - { - "name" : "ADV-2011-0241", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0241" - }, - { - "name" : "networker-librpc-security-bypass(64997)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64997" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "librpc.dll in nsrexecd in EMC NetWorker before 7.5 SP4, 7.5.3.x before 7.5.3.5, and 7.6.x before 7.6.1.2 does not properly mitigate the possibility of a spoofed localhost source IP address, which allows remote attackers to (1) register or (2) unregister RPC services, and consequently cause a denial of service or obtain sensitive information from interprocess communication, via crafted UDP packets containing service commands." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://archives.neohapsis.com/archives/bugtraq/2011-01/att-0162/ESA-2011-003.txt", + "refsource": "CONFIRM", + "url": "http://archives.neohapsis.com/archives/bugtraq/2011-01/att-0162/ESA-2011-003.txt" + }, + { + "name": "1025010", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1025010" + }, + { + "name": "46044", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46044" + }, + { + "name": "networker-librpc-security-bypass(64997)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64997" + }, + { + "name": "20110126 ESA-2011-003: EMC NetWorker librpc.dll spoofing vulnerability.", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2011-01/0162.html" + }, + { + "name": "70686", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/70686" + }, + { + "name": "43113", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43113" + }, + { + "name": "ADV-2011-0241", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0241" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0335.json b/2011/0xxx/CVE-2011-0335.json index 5bc42b8c338..c834db65718 100644 --- a/2011/0xxx/CVE-2011-0335.json +++ b/2011/0xxx/CVE-2011-0335.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0335", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0317, CVE-2011-0318, CVE-2011-0319, CVE-2011-0320, CVE-2011-2119, and CVE-2011-2122." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2011-0335", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb11-17.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb11-17.html" - }, - { - "name" : "TA11-166A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA11-166A.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via 
unspecified vectors, a different vulnerability than CVE-2011-0317, CVE-2011-0318, CVE-2011-0319, CVE-2011-0320, CVE-2011-2119, and CVE-2011-2122." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.adobe.com/support/security/bulletins/apsb11-17.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb11-17.html" + }, + { + "name": "TA11-166A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA11-166A.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0640.json b/2011/0xxx/CVE-2011-0640.json index f50f7f930b9..62e2999309a 100644 --- a/2011/0xxx/CVE-2011-0640.json +++ b/2011/0xxx/CVE-2011-0640.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0640", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The default configuration of udev on Linux does not warn the user before enabling additional Human Interface Device (HID) functionality over USB, which allows user-assisted attackers to execute arbitrary programs via crafted USB data, as demonstrated by keyboard and mouse data sent by malware on a smartphone that the user connected to the computer." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0640", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://news.cnet.com/8301-27080_3-20028919-245.html", - "refsource" : "MISC", - "url" : "http://news.cnet.com/8301-27080_3-20028919-245.html" - }, - { - "name" : "http://www.blackhat.com/html/bh-dc-11/bh-dc-11-briefings.html#Stavrou", - "refsource" : "MISC", - "url" : "http://www.blackhat.com/html/bh-dc-11/bh-dc-11-briefings.html#Stavrou" - }, - { - "name" : "http://www.cs.gmu.edu/~astavrou/publications.html", - "refsource" : "MISC", - "url" : "http://www.cs.gmu.edu/~astavrou/publications.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The default configuration of udev on Linux does not warn the user before enabling additional Human Interface Device (HID) functionality over USB, which allows user-assisted attackers to execute arbitrary programs via crafted USB data, as demonstrated by keyboard and mouse data sent by malware on a smartphone that the user connected to the computer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://news.cnet.com/8301-27080_3-20028919-245.html", + "refsource": "MISC", + "url": "http://news.cnet.com/8301-27080_3-20028919-245.html" + }, + { + "name": "http://www.blackhat.com/html/bh-dc-11/bh-dc-11-briefings.html#Stavrou", + "refsource": "MISC", + "url": "http://www.blackhat.com/html/bh-dc-11/bh-dc-11-briefings.html#Stavrou" + }, + { + "name": "http://www.cs.gmu.edu/~astavrou/publications.html", + "refsource": "MISC", + "url": "http://www.cs.gmu.edu/~astavrou/publications.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0782.json b/2011/0xxx/CVE-2011-0782.json index 916f8baf993..edf33c71b7b 100644 --- a/2011/0xxx/CVE-2011-0782.json +++ b/2011/0xxx/CVE-2011-0782.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0782", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome before 9.0.597.84 on Mac OS X does not properly mitigate an unspecified flaw in the Mac OS X 10.5 SSL libraries, which allows remote attackers to cause a denial of service (application crash) via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0782", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=66931", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=66931" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2011/02/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2011/02/stable-channel-update.html" - }, - { - "name" : "oval:org.mitre.oval:def:14243", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14243" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "Google Chrome before 9.0.597.84 on Mac OS X does not properly mitigate an unspecified flaw in the Mac OS X 10.5 SSL libraries, which allows remote attackers to cause a denial of service (application crash) via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://code.google.com/p/chromium/issues/detail?id=66931", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=66931" + }, + { + "name": "oval:org.mitre.oval:def:14243", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14243" + }, + { + "name": "http://googlechromereleases.blogspot.com/2011/02/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2011/02/stable-channel-update.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1240.json b/2011/1xxx/CVE-2011-1240.json index c2560e54776..4b47eb31f0c 100644 --- a/2011/1xxx/CVE-2011-1240.json +++ b/2011/1xxx/CVE-2011-1240.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1240", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other \"Vulnerability Type 1\" CVEs listed in MS11-034, aka \"Win32k Use After Free Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2011-1240", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx", - "refsource" : "MISC", - "url" : "http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx" - }, - { - "name" : "http://support.avaya.com/css/P8/documents/100133352", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/css/P8/documents/100133352" - }, 
- { - "name" : "MS11-034", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-034" - }, - { - "name" : "TA11-102A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA11-102A.html" - }, - { - "name" : "47217", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47217" - }, - { - "name" : "71755", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/71755" - }, - { - "name" : "oval:org.mitre.oval:def:12547", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12547" - }, - { - "name" : "1025345", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025345" - }, - { - "name" : "44156", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44156" - }, - { - "name" : "ADV-2011-0952", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0952" - }, - { - "name" : "mswin-win32k-var28-priv-escalation(66422)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66422" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other \"Vulnerability Type 1\" CVEs listed in MS11-034, aka \"Win32k Use After Free Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA11-102A", + 
"refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html" + }, + { + "name": "MS11-034", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-034" + }, + { + "name": "ADV-2011-0952", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0952" + }, + { + "name": "47217", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47217" + }, + { + "name": "http://support.avaya.com/css/P8/documents/100133352", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/css/P8/documents/100133352" + }, + { + "name": "oval:org.mitre.oval:def:12547", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12547" + }, + { + "name": "71755", + "refsource": "OSVDB", + "url": "http://osvdb.org/71755" + }, + { + "name": "44156", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44156" + }, + { + "name": "http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx", + "refsource": "MISC", + "url": "http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx" + }, + { + "name": "mswin-win32k-var28-priv-escalation(66422)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66422" + }, + { + "name": "1025345", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025345" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1922.json b/2011/1xxx/CVE-2011-1922.json index 538f70445e6..23639c52cc8 100644 --- a/2011/1xxx/CVE-2011-1922.json +++ b/2011/1xxx/CVE-2011-1922.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1922", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "daemon/worker.c in Unbound 1.x before 1.4.10, when debugging functionality and the interface-automatic option are enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted DNS request that triggers improper error handling." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-1922", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://unbound.nlnetlabs.nl/downloads/CVE-2011-1922.txt", - "refsource" : "CONFIRM", - "url" : "http://unbound.nlnetlabs.nl/downloads/CVE-2011-1922.txt" - }, - { - "name" : "FEDORA-2011-7555", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061243.html" - }, - { - "name" : "VU#531342", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/531342" - }, - { - "name" : "47986", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47986" - }, - { - "name" : "72750", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/72750" - }, - { - "name" : "44865", - 
"refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44865" - }, - { - "name" : "unbound-dns-dos(67645)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67645" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "daemon/worker.c in Unbound 1.x before 1.4.10, when debugging functionality and the interface-automatic option are enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted DNS request that triggers improper error handling." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2011-7555", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061243.html" + }, + { + "name": "47986", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47986" + }, + { + "name": "44865", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44865" + }, + { + "name": "72750", + "refsource": "OSVDB", + "url": "http://osvdb.org/72750" + }, + { + "name": "VU#531342", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/531342" + }, + { + "name": "unbound-dns-dos(67645)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67645" + }, + { + "name": "http://unbound.nlnetlabs.nl/downloads/CVE-2011-1922.txt", + "refsource": "CONFIRM", + "url": "http://unbound.nlnetlabs.nl/downloads/CVE-2011-1922.txt" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3167.json b/2011/3xxx/CVE-2011-3167.json index e01a7db87f7..44dec3d7a83 100644 --- a/2011/3xxx/CVE-2011-3167.json +++ b/2011/3xxx/CVE-2011-3167.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3167", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1210." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2011-3167", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMU02712", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=132017799623289&w=2" - }, - { - "name" : "SSRT100649", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=132017799623289&w=2" - }, - { - "name" : "1026260", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026260" - }, - { - "name" : "8484", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8484" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary 
code via unknown vectors, aka ZDI-CAN-1210." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1026260", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026260" + }, + { + "name": "HPSBMU02712", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=132017799623289&w=2" + }, + { + "name": "8484", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8484" + }, + { + "name": "SSRT100649", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=132017799623289&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3493.json b/2011/3xxx/CVE-2011-3493.json index 22c16b12405..e797d458135 100644 --- a/2011/3xxx/CVE-2011-3493.json +++ b/2011/3xxx/CVE-2011-3493.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3493", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple stack-based buffer overflows in the DH_OneSecondTick function in Cogent DataHub 7.1.1.63 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long (1) domain, (2) report_domain, (3) register_datahub, or (4) slave commands." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3493", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://aluigi.altervista.org/adv/cogent_1-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/cogent_1-adv.txt" - }, - { - "name" : "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-03.pdf", - "refsource" : "MISC", - "url" : "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-03.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple stack-based buffer overflows in the DH_OneSecondTick function in Cogent DataHub 7.1.1.63 and earlier allow remote attackers 
to cause a denial of service (crash) and possibly execute arbitrary code via long (1) domain, (2) report_domain, (3) register_datahub, or (4) slave commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://aluigi.altervista.org/adv/cogent_1-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/cogent_1-adv.txt" + }, + { + "name": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-03.pdf", + "refsource": "MISC", + "url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-03.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3897.json b/2011/3xxx/CVE-2011-3897.json index 60fdf93c3cc..0e330e2e282 100644 --- a/2011/3xxx/CVE-2011-3897.json +++ b/2011/3xxx/CVE-2011-3897.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3897", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Google Chrome before 15.0.874.120 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to editing." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2011-3897", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=102242", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=102242" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2011/11/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2011/11/stable-channel-update.html" - }, - { - "name" : "APPLE-SA-2012-03-07-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html" - }, - { - "name" : "APPLE-SA-2012-03-07-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html" - }, - { - "name" : 
"APPLE-SA-2012-03-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html" - }, - { - "name" : "oval:org.mitre.oval:def:14250", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14250" - }, - { - "name" : "1026774", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026774" - }, - { - "name" : "46933", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46933" - }, - { - "name" : "48274", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48274" - }, - { - "name" : "48288", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48288" - }, - { - "name" : "48377", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48377" - }, - { - "name" : "apple-webkit-cve20113897-code-execution(73806)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73806" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Google Chrome before 15.0.874.120 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to editing." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://googlechromereleases.blogspot.com/2011/11/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2011/11/stable-channel-update.html" + }, + { + "name": "1026774", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026774" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=102242", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=102242" + }, + { + "name": "48377", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48377" + }, + { + "name": "apple-webkit-cve20113897-code-execution(73806)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73806" + }, + { + "name": "46933", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46933" + }, + { + "name": "APPLE-SA-2012-03-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html" + }, + { + "name": "oval:org.mitre.oval:def:14250", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14250" + }, + { + "name": "48274", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48274" + }, + { + "name": "APPLE-SA-2012-03-07-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html" + }, + { + "name": "48288", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48288" + }, + { + "name": "APPLE-SA-2012-03-07-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html" + } + ] + } +} \ No newline at end of file 
diff --git a/2011/4xxx/CVE-2011-4309.json b/2011/4xxx/CVE-2011-4309.json index 5f4384574dd..594657ccd15 100644 --- a/2011/4xxx/CVE-2011-4309.json +++ b/2011/4xxx/CVE-2011-4309.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4309", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allows remote attackers to bypass intended access restrictions and perform global searches by leveraging the guest role and making a direct request to a URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-4309", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.moodle.org/gw?p=moodle.git;a=commit;h=5eb1cec34f013fdcb559b66bc401f2845ce0bbb7", - "refsource" : "CONFIRM", - "url" : "http://git.moodle.org/gw?p=moodle.git;a=commit;h=5eb1cec34f013fdcb559b66bc401f2845ce0bbb7" - }, - { - "name" : "http://moodle.org/mod/forum/discuss.php?d=188323", - "refsource" : "CONFIRM", - "url" : "http://moodle.org/mod/forum/discuss.php?d=188323" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=747444", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=747444" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allows remote attackers to bypass intended access restrictions and perform global searches by leveraging the guest role and making a direct request to a URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://moodle.org/mod/forum/discuss.php?d=188323", + "refsource": "CONFIRM", + "url": "http://moodle.org/mod/forum/discuss.php?d=188323" + }, + { + "name": "http://git.moodle.org/gw?p=moodle.git;a=commit;h=5eb1cec34f013fdcb559b66bc401f2845ce0bbb7", + "refsource": "CONFIRM", + "url": "http://git.moodle.org/gw?p=moodle.git;a=commit;h=5eb1cec34f013fdcb559b66bc401f2845ce0bbb7" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=747444", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=747444" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4482.json b/2011/4xxx/CVE-2011-4482.json index 44f5ac305bd..66793e0c0a7 100644 --- a/2011/4xxx/CVE-2011-4482.json +++ b/2011/4xxx/CVE-2011-4482.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4482", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4482", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4583.json b/2011/4xxx/CVE-2011-4583.json index 5c0b79754bc..43d6754264d 100644 --- a/2011/4xxx/CVE-2011-4583.json +++ b/2011/4xxx/CVE-2011-4583.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4583", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 displays web service tokens associated with (1) disabled services and (2) users who no longer have authorization, which allows remote authenticated users to have an unspecified impact by reading these tokens." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-4583", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-28670&sr=1", - "refsource" : "CONFIRM", - "url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-28670&sr=1" - }, - { - "name" : "http://moodle.org/mod/forum/discuss.php?d=191750", - "refsource" : "CONFIRM", - "url" : "http://moodle.org/mod/forum/discuss.php?d=191750" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=761248", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=761248" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": 
[ + { + "lang": "eng", + "value": "Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 displays web service tokens associated with (1) disabled services and (2) users who no longer have authorization, which allows remote authenticated users to have an unspecified impact by reading these tokens." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://moodle.org/mod/forum/discuss.php?d=191750", + "refsource": "CONFIRM", + "url": "http://moodle.org/mod/forum/discuss.php?d=191750" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=761248", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=761248" + }, + { + "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-28670&sr=1", + "refsource": "CONFIRM", + "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-28670&sr=1" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4742.json b/2011/4xxx/CVE-2011-4742.json index 722b13c2748..97f116d8b93 100644 --- a/2011/4xxx/CVE-2011-4742.json +++ b/2011/4xxx/CVE-2011-4742.json 
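Review bot: The `ASSIGNER` field of CVE-2011-4583 changes from `cve@mitre.org` to `secalert@redhat.com`, but the change sits inside a whole-file whitespace rewrite (`"key" : ` becomes `"key": `, plus re-indentation) and a reordering of `reference_data`, so the one edit that alters the record's provenance is easy to miss. The commit subject "-Synchronized-Data." does not mention it either. Landing the formatting pass separately from the assigner reassignment, or naming the reassignment in the commit message, would let downstream consumers audit who now owns each record. The same applies to the hunks for CVE-2011-4309 and CVE-2013-1964 (`secalert@redhat.com`), CVE-2013-5612 (`security@mozilla.org`), CVE-2013-5996 (`vultures@jpcert.or.jp`) and CVE-2014-2065 (`security@debian.org`).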
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4742", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 has web pages containing e-mail addresses that are not intended for correspondence about the local application deployment, which allows remote attackers to obtain potentially sensitive information by reading a page, as demonstrated by smb/user/list and certain other files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4742", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://xss.cx/examples/plesk-reports/xss-reflected-cross-site-scripting-cwe79-capec86-plesk-parallels-control-panel-version-20110407.20.html", - "refsource" : "MISC", - "url" : "http://xss.cx/examples/plesk-reports/xss-reflected-cross-site-scripting-cwe79-capec86-plesk-parallels-control-panel-version-20110407.20.html" - }, - { - "name" : "plesk-mail-info-disclosure(72317)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72317" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { 
+ "description_data": [ + { + "lang": "eng", + "value": "The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 has web pages containing e-mail addresses that are not intended for correspondence about the local application deployment, which allows remote attackers to obtain potentially sensitive information by reading a page, as demonstrated by smb/user/list and certain other files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://xss.cx/examples/plesk-reports/xss-reflected-cross-site-scripting-cwe79-capec86-plesk-parallels-control-panel-version-20110407.20.html", + "refsource": "MISC", + "url": "http://xss.cx/examples/plesk-reports/xss-reflected-cross-site-scripting-cwe79-capec86-plesk-parallels-control-panel-version-20110407.20.html" + }, + { + "name": "plesk-mail-info-disclosure(72317)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72317" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4853.json b/2011/4xxx/CVE-2011-4853.json index b2fc98b4542..39c6c515058 100644 --- a/2011/4xxx/CVE-2011-4853.json +++ b/2011/4xxx/CVE-2011-4853.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4853", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 includes an RFC 1918 IP address within a web page, which allows remote attackers to obtain potentially sensitive information by reading this page, as demonstrated by smb/user/list-data/items-per-page/ and certain other files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4853", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://xss.cx/kb/parallels/xss-parallelspleskpanel.v10.4.4_build20111103.18-os_windows-2003-2008-reflected-cross-site-scripting-cwe79-capec86-javascript-injection-example-poc-report.html", - "refsource" : "MISC", - "url" : "http://xss.cx/kb/parallels/xss-parallelspleskpanel.v10.4.4_build20111103.18-os_windows-2003-2008-reflected-cross-site-scripting-cwe79-capec86-javascript-injection-example-poc-report.html" - }, - { - "name" : "plesk-rfc-info-disclosure(72094)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72094" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 includes an RFC 1918 IP address within a web page, which allows remote attackers to obtain potentially sensitive information by reading this page, as demonstrated by smb/user/list-data/items-per-page/ and certain other files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "plesk-rfc-info-disclosure(72094)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72094" + }, + { + "name": "http://xss.cx/kb/parallels/xss-parallelspleskpanel.v10.4.4_build20111103.18-os_windows-2003-2008-reflected-cross-site-scripting-cwe79-capec86-javascript-injection-example-poc-report.html", + "refsource": "MISC", + "url": "http://xss.cx/kb/parallels/xss-parallelspleskpanel.v10.4.4_build20111103.18-os_windows-2003-2008-reflected-cross-site-scripting-cwe79-capec86-javascript-injection-example-poc-report.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1964.json b/2013/1xxx/CVE-2013-1964.json index 1a0d90c6425..a3fb2d1fcc2 100644 --- a/2013/1xxx/CVE-2013-1964.json +++ b/2013/1xxx/CVE-2013-1964.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1964", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Xen 4.0.x and 4.1.x incorrectly releases a grant reference when releasing a non-v1, non-transitive grant, which allows local guest administrators to cause a denial of service (host crash), obtain sensitive information, or possibly have other impacts via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-1964", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130418 Xen Security Advisory 50 (CVE-2013-1964) - grant table hypercall acquire/release imbalance", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/04/18/9" - }, - { - "name" : "DSA-2666", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2666" - }, - { - "name" : "FEDORA-2013-6723", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104537.html" - }, - { - "name" : "GLSA-201309-24", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201309-24.xml" - }, - { - "name" : 
"SUSE-SU-2014:0446", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html" - }, - { - "name" : "59293", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/59293" - }, - { - "name" : "1028459", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1028459" - }, - { - "name" : "55082", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55082" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Xen 4.0.x and 4.1.x incorrectly releases a grant reference when releasing a non-v1, non-transitive grant, which allows local guest administrators to cause a denial of service (host crash), obtain sensitive information, or possibly have other impacts via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "59293", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/59293" + }, + { + "name": "55082", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55082" + }, + { + "name": "[oss-security] 20130418 Xen Security Advisory 50 (CVE-2013-1964) - grant table hypercall acquire/release imbalance", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/04/18/9" + }, + { + "name": "GLSA-201309-24", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201309-24.xml" + }, + { + "name": "DSA-2666", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2666" + }, + { + "name": "1028459", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1028459" + }, + { + "name": "SUSE-SU-2014:0446", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html" + 
}, + { + "name": "FEDORA-2013-6723", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104537.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5077.json b/2013/5xxx/CVE-2013-5077.json index 423badf1c16..c0dfc61a187 100644 --- a/2013/5xxx/CVE-2013-5077.json +++ b/2013/5xxx/CVE-2013-5077.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5077", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-5077", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5612.json b/2013/5xxx/CVE-2013-5612.json index 91be873daab..ee9fd7632f6 100644 --- a/2013/5xxx/CVE-2013-5612.json +++ b/2013/5xxx/CVE-2013-5612.json 
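Review bot: The new side of the CVE-2013-5077 record emits its top-level keys in a different order from the other records rewritten in this commit. Here `data_type`, `data_format` and `data_version` come before `CVE_data_meta`, and `ID` precedes `ASSIGNER`, whereas the neighbouring files keep `CVE_data_meta` first with `ASSIGNER`, `ID`, `STATE`. Key order carries no meaning in JSON, but two serializations in one repository make later diffs noisy and can trip any consumer that hashes or byte-compares records. This record presumably came through a different writer; emitting it with `"CVE_data_meta": { "ASSIGNER": ..., "ID": ..., "STATE": ... }` first, as in the other files, would keep the corpus uniform.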
@@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5612", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 makes it easier for remote attackers to inject arbitrary web script or HTML by leveraging a Same Origin Policy violation triggered by lack of a charset parameter in a Content-Type HTTP header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2013-5612", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2013/mfsa2013-106.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2013/mfsa2013-106.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=871161", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=871161" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" : "FEDORA-2013-23127", - "refsource" : "FEDORA", - 
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.html" - }, - { - "name" : "FEDORA-2013-23519", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124257.html" - }, - { - "name" : "GLSA-201504-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201504-01" - }, - { - "name" : "RHSA-2013:1812", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1812.html" - }, - { - "name" : "openSUSE-SU-2014:0008", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-01/msg00002.html" - }, - { - "name" : "SUSE-SU-2013:1919", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00010.html" - }, - { - "name" : "openSUSE-SU-2013:1916", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-12/msg00085.html" - }, - { - "name" : "openSUSE-SU-2013:1917", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-12/msg00086.html" - }, - { - "name" : "openSUSE-SU-2013:1918", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-12/msg00087.html" - }, - { - "name" : "USN-2052-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2052-1" - }, - { - "name" : "64205", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/64205" - }, - { - "name" : "1029470", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029470" - }, - { - "name" : "1029476", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029476" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 makes it easier for remote attackers to inject 
arbitrary web script or HTML by leveraging a Same Origin Policy violation triggered by lack of a charset parameter in a Content-Type HTTP header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "64205", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/64205" + }, + { + "name": "SUSE-SU-2013:1919", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00010.html" + }, + { + "name": "FEDORA-2013-23127", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.html" + }, + { + "name": "FEDORA-2013-23519", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124257.html" + }, + { + "name": "1029470", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029470" + }, + { + "name": "openSUSE-SU-2013:1917", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00086.html" + }, + { + "name": "GLSA-201504-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201504-01" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "openSUSE-SU-2013:1916", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00085.html" + }, + { + "name": "openSUSE-SU-2014:0008", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00002.html" + }, + { + "name": "1029476", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029476" + }, + { + "name": "http://www.mozilla.org/security/announce/2013/mfsa2013-106.html", + "refsource": "CONFIRM", + "url": 
"http://www.mozilla.org/security/announce/2013/mfsa2013-106.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=871161", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=871161" + }, + { + "name": "openSUSE-SU-2013:1918", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00087.html" + }, + { + "name": "USN-2052-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2052-1" + }, + { + "name": "RHSA-2013:1812", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1812.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5996.json b/2013/5xxx/CVE-2013-5996.json index 71da729f118..abc12c80fae 100644 --- a/2013/5xxx/CVE-2013-5996.json +++ b/2013/5xxx/CVE-2013-5996.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5996", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in shopping/payment.tpl components in LOCKON EC-CUBE 2.11.0 through 2.13.0 allow remote attackers to inject arbitrary web script or HTML via crafted values." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2013-5996", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://svn.ec-cube.net/open_trac/changeset/23275", - "refsource" : "CONFIRM", - "url" : "http://svn.ec-cube.net/open_trac/changeset/23275" - }, - { - "name" : "http://www.ec-cube.net/info/weakness/weakness.php?id=55", - "refsource" : "CONFIRM", - "url" : "http://www.ec-cube.net/info/weakness/weakness.php?id=55" - }, - { - "name" : "JVN#06377589", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN06377589/index.html" - }, - { - "name" : "JVNDB-2013-000107", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000107" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "Multiple cross-site scripting (XSS) vulnerabilities in shopping/payment.tpl components in LOCKON EC-CUBE 2.11.0 through 2.13.0 allow remote attackers to inject arbitrary web script or HTML via crafted values." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVNDB-2013-000107", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000107" + }, + { + "name": "JVN#06377589", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN06377589/index.html" + }, + { + "name": "http://www.ec-cube.net/info/weakness/weakness.php?id=55", + "refsource": "CONFIRM", + "url": "http://www.ec-cube.net/info/weakness/weakness.php?id=55" + }, + { + "name": "http://svn.ec-cube.net/open_trac/changeset/23275", + "refsource": "CONFIRM", + "url": "http://svn.ec-cube.net/open_trac/changeset/23275" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2065.json b/2014/2xxx/CVE-2014-2065.json index 900cdd5e3f0..84ade14a7a5 100644 --- a/2014/2xxx/CVE-2014-2065.json +++ b/2014/2xxx/CVE-2014-2065.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2065", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to inject arbitrary web script or HTML via the iconSize cookie." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2014-2065", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140220 Re: Possible CVE Requests: several issues fixed in Jenkins (Advisory 2014-02-14)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/02/21/2" - }, - { - "name" : "https://github.com/jenkinsci/jenkins/commit/a0b00508eeb74d7033dc4100eb382df4e8fa72e7", - "refsource" : "CONFIRM", - "url" : "https://github.com/jenkinsci/jenkins/commit/a0b00508eeb74d7033dc4100eb382df4e8fa72e7" - }, - { - "name" : "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14", - "refsource" : "CONFIRM", - "url" : "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to inject arbitrary web script or HTML via the iconSize cookie." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/jenkinsci/jenkins/commit/a0b00508eeb74d7033dc4100eb382df4e8fa72e7", + "refsource": "CONFIRM", + "url": "https://github.com/jenkinsci/jenkins/commit/a0b00508eeb74d7033dc4100eb382df4e8fa72e7" + }, + { + "name": "[oss-security] 20140220 Re: Possible CVE Requests: several issues fixed in Jenkins (Advisory 2014-02-14)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/02/21/2" + }, + { + "name": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14", + "refsource": "CONFIRM", + "url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2286.json b/2014/2xxx/CVE-2014-2286.json index 7cc91c4cdac..a7463a56ad7 100644 --- a/2014/2xxx/CVE-2014-2286.json +++ b/2014/2xxx/CVE-2014-2286.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2286", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "main/http.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.x before 1.8.15-cert5 and 11.6 before 11.6-cert2, allows remote attackers to cause a denial of service (stack consumption) and possibly execute arbitrary code via an HTTP request with a large number of Cookie headers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2286", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://downloads.asterisk.org/pub/security/AST-2014-001-1.8.diff", - "refsource" : "MISC", - "url" : "http://downloads.asterisk.org/pub/security/AST-2014-001-1.8.diff" - }, - { - "name" : "http://downloads.asterisk.org/pub/security/AST-2014-001.html", - "refsource" : "CONFIRM", - "url" : "http://downloads.asterisk.org/pub/security/AST-2014-001.html" - }, - { - "name" : "https://issues.asterisk.org/jira/browse/ASTERISK-23340", - "refsource" : "CONFIRM", - "url" : "https://issues.asterisk.org/jira/browse/ASTERISK-23340" - }, - { - "name" : "FEDORA-2014-3762", - 
"refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html" - }, - { - "name" : "FEDORA-2014-3779", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html" - }, - { - "name" : "MDVSA-2014:078", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2014:078" - }, - { - "name" : "66093", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/66093" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "main/http.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.x before 1.8.15-cert5 and 11.6 before 11.6-cert2, allows remote attackers to cause a denial of service (stack consumption) and possibly execute arbitrary code via an HTTP request with a large number of Cookie headers." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://issues.asterisk.org/jira/browse/ASTERISK-23340", + "refsource": "CONFIRM", + "url": "https://issues.asterisk.org/jira/browse/ASTERISK-23340" + }, + { + "name": "http://downloads.asterisk.org/pub/security/AST-2014-001-1.8.diff", + "refsource": "MISC", + "url": "http://downloads.asterisk.org/pub/security/AST-2014-001-1.8.diff" + }, + { + "name": "http://downloads.asterisk.org/pub/security/AST-2014-001.html", + "refsource": "CONFIRM", + "url": "http://downloads.asterisk.org/pub/security/AST-2014-001.html" + }, + { + "name": "66093", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/66093" + }, + { + "name": "MDVSA-2014:078", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:078" + }, + { + "name": "FEDORA-2014-3762", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130426.html" + }, + { + "name": "FEDORA-2014-3779", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-March/130400.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2405.json b/2014/2xxx/CVE-2014-2405.json index 089e0b70d43..9428bb83689 100644 --- a/2014/2xxx/CVE-2014-2405.json +++ b/2014/2xxx/CVE-2014-2405.json 
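Review bot: The new side of CVE-2014-2286.json ends without a final newline (`\ No newline at end of file` follows the closing `}`), while the old side ended with one; the same marker follows every other complete hunk in this part of the patch. Having whatever tool generates these files write the terminating newline keeps them friendly to line-oriented tools and avoids a spurious last-line change on the next sync. The seven `reference_data` entries are also reordered without any change in content, and the new order does not follow `name`, `refsource` or `url` as far as these lines show. Emitting them in a stable order (for example sorted by `url`) would stop unrelated reference churn from hiding real additions or removals.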
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2405", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in OpenJDK 6 before 6b31 on Debian GNU/Linux and Ubuntu 12.04 LTS and 10.04 LTS has unknown impact and attack vectors, a different vulnerability than CVE-2014-0462." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-2405", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-2912", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2912" - }, - { - "name" : "USN-2191-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2191-1" - }, - { - "name" : "58415", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/58415" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in OpenJDK 6 before 6b31 on Debian GNU/Linux and Ubuntu 12.04 LTS and 10.04 LTS has unknown impact and attack vectors, a different vulnerability than CVE-2014-0462." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-2191-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2191-1" + }, + { + "name": "DSA-2912", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2912" + }, + { + "name": "58415", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/58415" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2558.json b/2014/2xxx/CVE-2014-2558.json index b5dd8a7dfef..00c1fdbf687 100644 --- a/2014/2xxx/CVE-2014-2558.json +++ b/2014/2xxx/CVE-2014-2558.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2558", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The File Gallery plugin before 1.7.9.2 for WordPress does not properly escape strings, which allows remote administrators to execute arbitrary PHP code via a \\' (backslash quote) in the setting fields to /wp-admin/options-media.php, related to the create_function function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2558", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140429 Arbitrary code execution by admins in File Gallery 1.7.7 (WordPress plugin)", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Apr/305" - }, - { - "name" : "http://wordpress.org/plugins/file-gallery/changelog/", - "refsource" : "MISC", - "url" : "http://wordpress.org/plugins/file-gallery/changelog/" - }, - { - "name" : "67120", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67120" - }, - { - "name" : "67183", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67183" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "The File Gallery plugin before 1.7.9.2 for WordPress does not properly escape strings, which allows remote administrators to execute arbitrary PHP code via a \\' (backslash quote) in the setting fields to /wp-admin/options-media.php, related to the create_function function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://wordpress.org/plugins/file-gallery/changelog/", + "refsource": "MISC", + "url": "http://wordpress.org/plugins/file-gallery/changelog/" + }, + { + "name": "67120", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67120" + }, + { + "name": "20140429 Arbitrary code execution by admins in File Gallery 1.7.7 (WordPress plugin)", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Apr/305" + }, + { + "name": "67183", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67183" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2916.json b/2014/2xxx/CVE-2014-2916.json index 8f67c4ccb65..c20b6069976 100644 --- a/2014/2xxx/CVE-2014-2916.json +++ b/2014/2xxx/CVE-2014-2916.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2916", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in the subscription page editor (spageedit) in phpList before 3.0.6 allows remote attackers to hijack the authentication of administrators via a request to admin/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2916", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://labs.davidsopas.com/2014/04/phplist-csrf-on-subscription-page.html", - "refsource" : "MISC", - "url" : "http://labs.davidsopas.com/2014/04/phplist-csrf-on-subscription-page.html" - }, - { - "name" : "http://www.phplist.com/?lid=638", - "refsource" : "CONFIRM", - "url" : "http://www.phplist.com/?lid=638" - }, - { - "name" : "1030191", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030191" - }, - { - "name" : "57893", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57893" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site 
request forgery (CSRF) vulnerability in the subscription page editor (spageedit) in phpList before 3.0.6 allows remote attackers to hijack the authentication of administrators via a request to admin/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "57893", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57893" + }, + { + "name": "http://labs.davidsopas.com/2014/04/phplist-csrf-on-subscription-page.html", + "refsource": "MISC", + "url": "http://labs.davidsopas.com/2014/04/phplist-csrf-on-subscription-page.html" + }, + { + "name": "http://www.phplist.com/?lid=638", + "refsource": "CONFIRM", + "url": "http://www.phplist.com/?lid=638" + }, + { + "name": "1030191", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030191" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6306.json b/2014/6xxx/CVE-2014-6306.json index ce857fb887b..c6005d79fca 100644 --- a/2014/6xxx/CVE-2014-6306.json +++ b/2014/6xxx/CVE-2014-6306.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6306", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-6306", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6719.json b/2014/6xxx/CVE-2014-6719.json index 298d3b5caa2..2d008965b6a 100644 --- a/2014/6xxx/CVE-2014-6719.json +++ b/2014/6xxx/CVE-2014-6719.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6719", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Kayak Angler Magazine (aka air.com.yudu.ReaderAIR1360155) application 3.12.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6719", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#418025", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/418025" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Kayak Angler Magazine (aka 
air.com.yudu.ReaderAIR1360155) application 3.12.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#418025", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/418025" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6784.json b/2014/6xxx/CVE-2014-6784.json index 42f403c69a5..f737d965602 100644 --- a/2014/6xxx/CVE-2014-6784.json +++ b/2014/6xxx/CVE-2014-6784.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6784", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Fermononrespiri Mobile (aka com.tapatalk.rmonlineitforums) application 3.8.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6784", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#515705", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/515705" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Fermononrespiri Mobile (aka 
com.tapatalk.rmonlineitforums) application 3.8.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#515705", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/515705" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6841.json b/2014/6xxx/CVE-2014-6841.json index ee93e7d752f..e912505bd6b 100644 --- a/2014/6xxx/CVE-2014-6841.json +++ b/2014/6xxx/CVE-2014-6841.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6841", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The RTI INDIA (aka com.vbulletin.build_890) application 3.8.21 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6841", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#201457", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/201457" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The RTI INDIA (aka com.vbulletin.build_890) 
application 3.8.21 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + }, + { + "name": "VU#201457", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/201457" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6925.json b/2014/6xxx/CVE-2014-6925.json index 33d884617f7..df1c33e415f 100644 --- a/2014/6xxx/CVE-2014-6925.json +++ b/2014/6xxx/CVE-2014-6925.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6925", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Steyr Forum (aka com.tapatalk.steyrclubcomvb) application 3.9.12 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6925", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#625705", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/625705" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Steyr Forum (aka 
com.tapatalk.steyrclubcomvb) application 3.9.12 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#625705", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/625705" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7935.json b/2014/7xxx/CVE-2014-7935.json index dffe8b7f98c..5de7823b681 100644 --- a/2014/7xxx/CVE-2014-7935.json +++ b/2014/7xxx/CVE-2014-7935.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7935", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in browser/speech/tts_message_filter.cc in the Speech implementation in Google Chrome before 40.0.2214.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving utterances from a closed tab." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2014-7935", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2015/01/stable-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2015/01/stable-update.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=402957", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=402957" - }, - { - "name" : "https://codereview.chromium.org/692203002", - "refsource" : "CONFIRM", - "url" : "https://codereview.chromium.org/692203002" - }, - { - "name" : "GLSA-201502-13", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201502-13.xml" - }, - { 
- "name" : "RHSA-2015:0093", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0093.html" - }, - { - "name" : "openSUSE-SU-2015:0441", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html" - }, - { - "name" : "72288", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72288" - }, - { - "name" : "1031623", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031623" - }, - { - "name" : "62383", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62383" - }, - { - "name" : "62665", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62665" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in browser/speech/tts_message_filter.cc in the Speech implementation in Google Chrome before 40.0.2214.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving utterances from a closed tab." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "62665", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62665" + }, + { + "name": "http://googlechromereleases.blogspot.com/2015/01/stable-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2015/01/stable-update.html" + }, + { + "name": "72288", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72288" + }, + { + "name": "GLSA-201502-13", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201502-13.xml" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=402957", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=402957" + }, + { + "name": "1031623", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031623" + }, + { + "name": "https://codereview.chromium.org/692203002", + "refsource": "CONFIRM", + "url": "https://codereview.chromium.org/692203002" + }, + { + "name": "openSUSE-SU-2015:0441", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html" + }, + { + "name": "RHSA-2015:0093", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0093.html" + }, + { + "name": "62383", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62383" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0187.json b/2017/0xxx/CVE-2017-0187.json index d14528d9443..fce6d16c8a8 100644 --- a/2017/0xxx/CVE-2017-0187.json +++ b/2017/0xxx/CVE-2017-0187.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-0187", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-0187", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0260.json b/2017/0xxx/CVE-2017-0260.json index eb5c0054990..f563fc4cfd9 100644 --- a/2017/0xxx/CVE-2017-0260.json +++ b/2017/0xxx/CVE-2017-0260.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-0260", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Office", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Office 2013 Service Pack 1 Click-to-Run (C2R), Microsoft Office 2016 Click-to-Run (C2R), Windows 7, Windows Server 2008 and Windows Server 2008 R2." - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka \"Office Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-8509, CVE-2017-8510, CVE-2017-8511, CVE-2017-8512, and CVE-2017-8506." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-0260", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Office", + "version": { + "version_data": [ + { + "version_value": "Microsoft Office 2013 Service Pack 1 Click-to-Run (C2R), Microsoft Office 2016 Click-to-Run (C2R), Windows 7, Windows Server 2008 and Windows Server 2008 R2." 
+ } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0260", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0260" - }, - { - "name" : "98810", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98810" - }, - { - "name" : "1038668", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038668" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka \"Office Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-8509, CVE-2017-8510, CVE-2017-8511, CVE-2017-8512, and CVE-2017-8506." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038668", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038668" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0260", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0260" + }, + { + "name": "98810", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98810" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0476.json b/2017/0xxx/CVE-2017-0476.json index de09ef5b8fd..67d630acef1 100644 --- a/2017/0xxx/CVE-2017-0476.json +++ b/2017/0xxx/CVE-2017-0476.json 
@@ -1,81 +1,81 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-0476", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android-6.0" - }, - { - "version_value" : "Android-6.0.1" - }, - { - "version_value" : "Android-7.0" - }, - { - "version_value" : "Android-7.1.1" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability in AOSP Messaging could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as High due to the possibility of remote code execution within the context of an unprivileged process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33388925." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote code execution" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2017-0476", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-6.0" + }, + { + "version_value": "Android-6.0.1" + }, + { + "version_value": "Android-7.0" + }, + { + "version_value": "Android-7.1.1" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-03-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-03-01" - }, - { - "name" : "96756", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96756" - }, - { - "name" : "1037968", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037968" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability in AOSP Messaging could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as High due to the possibility of remote code execution within the context of an unprivileged process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33388925." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-03-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-03-01" + }, + { + "name": "1037968", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037968" + }, + { + "name": "96756", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96756" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0527.json b/2017/0xxx/CVE-2017-0527.json index aa3e920524e..1a2b45f4bdd 100644 --- a/2017/0xxx/CVE-2017-0527.json +++ b/2017/0xxx/CVE-2017-0527.json 
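Review bot: `ASSIGNER` changes from `security@google.com` to `security@android.com` in CVE-2017-0476.json, and the same change appears in the CVE-2017-0527.json hunk that follows. Every other line in both hunks is a spacing or reference-order change, so this one value change is easy to miss. `vendor_name` stays "Google Inc.", so this is presumably a CNA contact rename rather than a reassignment, but nothing in the diff says so. Anything downstream that groups or filters records by the `ASSIGNER` string will see these two records under a new key. A sync that changes field values would be easier to audit if it were kept separate from the whitespace normalisation.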
@@ -1,75 +1,75 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-0527", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Kernel-3.10" - }, - { - "version_value" : "Kernel-3.18" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability in the HTC Sensor Hub Driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33899318." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2017-0527", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Kernel-3.10" + }, + { + "version_value": "Kernel-3.18" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-03-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-03-01" - }, - { - "name" : "96949", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96949" - }, - { - "name" : "1037968", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037968" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability in the HTC Sensor Hub Driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33899318." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-03-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-03-01" + }, + { + "name": "1037968", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037968" + }, + { + "name": "96949", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96949" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0868.json b/2017/0xxx/CVE-2017-0868.json index 9886764760a..3987a78ebd5 100644 --- a/2017/0xxx/CVE-2017-0868.json +++ b/2017/0xxx/CVE-2017-0868.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-0868", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-0868", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000191.json b/2017/1000xxx/CVE-2017-1000191.json index be0f7f06334..0959a3399f9 100644 --- a/2017/1000xxx/CVE-2017-1000191.json +++ b/2017/1000xxx/CVE-2017-1000191.json 
@@ -1,64 +1,64 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-08-22T17:29:33.414395", - "ID" : "CVE-2017-1000191", - "REQUESTER" : "ydahhrk@gmail.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Jool", - "version" : { - "version_data" : [ - { - "version_value" : "3.5.0 - 3.5.1" - } - ] - } - } - ] - }, - "vendor_name" : "NIC Mexico" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Jool 3.5.0-3.5.1 is vulnerable to a kernel crashing packet resulting in a DOS." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Buffer Overflow" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-08-22T17:29:33.414395", + "ID": "CVE-2017-1000191", + "REQUESTER": "ydahhrk@gmail.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/NICMx/Jool/issues/232", - "refsource" : "CONFIRM", - "url" : "https://github.com/NICMx/Jool/issues/232" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Jool 3.5.0-3.5.1 is vulnerable to a kernel crashing packet resulting in a DOS." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/NICMx/Jool/issues/232", + "refsource": "CONFIRM", + "url": "https://github.com/NICMx/Jool/issues/232" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18331.json b/2017/18xxx/CVE-2017-18331.json index dfe386373b9..c86407bb811 100644 --- a/2017/18xxx/CVE-2017-18331.json +++ b/2017/18xxx/CVE-2017-18331.json 
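Review bot: The structured `affects` and `problemtype` fields of CVE-2017-1000191.json lose their content on the new side: product "Jool", version "3.5.0 - 3.5.1", vendor "NIC Mexico" and problem type "Buffer Overflow" all become `n/a`. The free-text description still names Jool 3.5.0-3.5.1, so the record now carries the affected product only in prose, and tooling that matches on `affects` rather than on the description would stop associating this CVE with Jool. `ASSIGNER` also moves from `cve-assign@distributedweaknessfiling.org` to `cve@mitre.org` in the same hunk. If that reassignment is intended, the affected-product values can still be kept as they were: `"product_name": "Jool"`, `"version_value": "3.5.0 - 3.5.1"`, `"vendor_name": "NIC Mexico"`.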
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "ID" : "CVE-2017-18331", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear", - "version" : { - "version_data" : [ - { - "version_value" : "MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 820, SD 820A, SD 835, SDA660" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Improper access control on secure display buffers in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 820, SD 820A, SD 835, SDA660" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Access Control on Access Control Module" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2017-18331", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear", + "version": { + "version_data": [ + { + "version_value": "MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 820, SD 820A, SD 835, SDA660" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.qualcomm.com/company/product-security/bulletins", - "refsource" : "CONFIRM", - "url" : "https://www.qualcomm.com/company/product-security/bulletins" - }, - { - "name" : "106128", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106128" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Improper access control on secure display buffers in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 820, SD 820A, SD 835, SDA660" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Access Control on Access Control Module" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qualcomm.com/company/product-security/bulletins", + "refsource": "CONFIRM", + "url": "https://www.qualcomm.com/company/product-security/bulletins" + }, + { + "name": "106128", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106128" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1021.json b/2017/1xxx/CVE-2017-1021.json index e165e5b024a..f7591940f8a 100644 --- a/2017/1xxx/CVE-2017-1021.json +++ b/2017/1xxx/CVE-2017-1021.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1021", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1021", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1135.json b/2017/1xxx/CVE-2017-1135.json index 84f9ba6c458..363253122d5 100644 --- a/2017/1xxx/CVE-2017-1135.json +++ b/2017/1xxx/CVE-2017-1135.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1135", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1135", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1280.json b/2017/1xxx/CVE-2017-1280.json index 084f5c5be85..4b968061ce7 100644 --- a/2017/1xxx/CVE-2017-1280.json +++ b/2017/1xxx/CVE-2017-1280.json 
@@ -1,146 +1,146 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-06-28T00:00:00", - "ID" : "CVE-2017-1280", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Rational Collaborative Lifecycle Management", - "version" : { - "version_data" : [ - { - "version_value" : "5.0" - }, - { - "version_value" : "5.0.1" - }, - { - "version_value" : "5.0.2" - }, - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "6.0.2" - }, - { - "version_value" : "6.0.3" - }, - { - "version_value" : "6.0.4" - }, - { - "version_value" : "6.0.5" - } - ] - } - }, - { - "product_name" : "Rational Quality Manager", - "version" : { - "version_data" : [ - { - "version_value" : "5.0" - }, - { - "version_value" : "5.0.1" - }, - { - "version_value" : "5.0.2" - }, - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "6.0.2" - }, - { - "version_value" : "6.0.3" - }, - { - "version_value" : "6.0.4" - }, - { - "version_value" : "6.0.5" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124758." 
- } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "N", - "AC" : "L", - "AV" : "N", - "C" : "L", - "I" : "L", - "PR" : "L", - "S" : "C", - "SCORE" : "5.400", - "UI" : "R" - }, - "TM" : { - "E" : "H", - "RC" : "C", - "RL" : "O" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-06-28T00:00:00", + "ID": "CVE-2017-1280", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Rational Collaborative Lifecycle Management", + "version": { + "version_data": [ + { + "version_value": "5.0" + }, + { + "version_value": "5.0.1" + }, + { + "version_value": "5.0.2" + }, + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "6.0.2" + }, + { + "version_value": "6.0.3" + }, + { + "version_value": "6.0.4" + }, + { + "version_value": "6.0.5" + } + ] + } + }, + { + "product_name": "Rational Quality Manager", + "version": { + "version_data": [ + { + "version_value": "5.0" + }, + { + "version_value": "5.0.1" + }, + { + "version_value": "5.0.2" + }, + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "6.0.2" + }, + { + "version_value": "6.0.3" + }, + { + "version_value": "6.0.4" + }, + { + "version_value": "6.0.5" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www-prd-trops.events.ibm.com/node/715749", - "refsource" : "CONFIRM", - "url" : "https://www-prd-trops.events.ibm.com/node/715749" - }, - { - "name" : "ibm-rqm-cve20171280-xss(124758)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/124758" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": 
[ + { + "lang": "eng", + "value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124758." + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "N", + "AC": "L", + "AV": "N", + "C": "L", + "I": "L", + "PR": "L", + "S": "C", + "SCORE": "5.400", + "UI": "R" + }, + "TM": { + "E": "H", + "RC": "C", + "RL": "O" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www-prd-trops.events.ibm.com/node/715749", + "refsource": "CONFIRM", + "url": "https://www-prd-trops.events.ibm.com/node/715749" + }, + { + "name": "ibm-rqm-cve20171280-xss(124758)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124758" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1578.json b/2017/1xxx/CVE-2017-1578.json index 7e3d42c4b6f..1a7a6c0773a 100644 --- a/2017/1xxx/CVE-2017-1578.json +++ b/2017/1xxx/CVE-2017-1578.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1578", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1578", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4020.json b/2017/4xxx/CVE-2017-4020.json index 7269cb76a4d..b230a3f9e79 100644 --- a/2017/4xxx/CVE-2017-4020.json +++ b/2017/4xxx/CVE-2017-4020.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4020", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4020", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4895.json b/2017/4xxx/CVE-2017-4895.json index 5ebfcec9b45..62a700d0ef3 100644 --- a/2017/4xxx/CVE-2017-4895.json +++ b/2017/4xxx/CVE-2017-4895.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@vmware.com", - "ID" : "CVE-2017-4895", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Airwatch Agent", - "version" : { - "version_data" : [ - { - "version_value" : "x.x" - } - ] - } - } - ] - }, - "vendor_name" : "VMware" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Airwatch Agent for Android contains a vulnerability that may allow a device to bypass root detection. Successful exploitation of this issue may result in an enrolled device having unrestricted access over local Airwatch security controls and data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Root detection bypass" - } + "CVE_data_meta": { + "ASSIGNER": "security@vmware.com", + "ID": "CVE-2017-4895", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Airwatch Agent", + "version": { + "version_data": [ + { + "version_value": "x.x" + } + ] + } + } + ] + }, + "vendor_name": "VMware" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.vmware.com/us/security/advisories/VMSA-2017-0001.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/us/security/advisories/VMSA-2017-0001.html" - }, - { - "name" : "95892", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95892" - }, - { - "name" : "1037738", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037738" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Airwatch Agent for Android contains a vulnerability that may 
allow a device to bypass root detection. Successful exploitation of this issue may result in an enrolled device having unrestricted access over local Airwatch security controls and data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Root detection bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.vmware.com/us/security/advisories/VMSA-2017-0001.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/us/security/advisories/VMSA-2017-0001.html" + }, + { + "name": "95892", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95892" + }, + { + "name": "1037738", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037738" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5207.json b/2017/5xxx/CVE-2017-5207.json index 7fae12d05b1..3272b8f7903 100644 --- a/2017/5xxx/CVE-2017-5207.json +++ b/2017/5xxx/CVE-2017-5207.json 
@@ -1,87 +1,87 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-5207",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Firejail before 0.9.44.4, when running a bandwidth command, allows local users to gain root privileges via the --shell argument."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-5207",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "[oss-security] 20170107 Re: Firejail local root exploit",
- "refsource" : "MLIST",
- "url" : "http://www.openwall.com/lists/oss-security/2017/01/07/6"
- },
- {
- "name" : "https://firejail.wordpress.com/download-2/release-notes/",
- "refsource" : "CONFIRM",
- "url" : "https://firejail.wordpress.com/download-2/release-notes/"
- },
- {
- "name" : "https://github.com/netblue30/firejail/commit/5d43fdcd215203868d440ffc42036f5f5ffc89fc",
- "refsource" : "CONFIRM",
- "url" : "https://github.com/netblue30/firejail/commit/5d43fdcd215203868d440ffc42036f5f5ffc89fc"
- },
- {
- "name" : "https://github.com/netblue30/firejail/issues/1023",
- "refsource" : "CONFIRM",
- "url" : "https://github.com/netblue30/firejail/issues/1023"
- },
- {
- "name" : "GLSA-201701-62",
- "refsource" : "GENTOO",
- "url" : "https://security.gentoo.org/glsa/201701-62"
- },
- {
- "name" : "97385",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/97385"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Firejail before 0.9.44.4, when running a bandwidth command, allows local users to gain root privileges via the --shell argument."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "97385",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/97385"
+ },
+ {
+ "name": "GLSA-201701-62",
+ "refsource": "GENTOO",
+ "url": "https://security.gentoo.org/glsa/201701-62"
+ },
+ {
+ "name": "https://github.com/netblue30/firejail/commit/5d43fdcd215203868d440ffc42036f5f5ffc89fc",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/netblue30/firejail/commit/5d43fdcd215203868d440ffc42036f5f5ffc89fc"
+ },
+ {
+ "name": "https://github.com/netblue30/firejail/issues/1023",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/netblue30/firejail/issues/1023"
+ },
+ {
+ "name": "https://firejail.wordpress.com/download-2/release-notes/",
+ "refsource": "CONFIRM",
+ "url": "https://firejail.wordpress.com/download-2/release-notes/"
+ },
+ {
+ "name": "[oss-security] 20170107 Re: Firejail local root exploit",
+ "refsource": "MLIST",
+ "url": "http://www.openwall.com/lists/oss-security/2017/01/07/6"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/5xxx/CVE-2017-5839.json b/2017/5xxx/CVE-2017-5839.json
index e6ea8e444a7..27ee6297822 100644
--- a/2017/5xxx/CVE-2017-5839.json
+++ b/2017/5xxx/CVE-2017-5839.json
@@ -1,97 +1,97 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-5839",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 does not properly limit recursion, which allows remote attackers to cause a denial of service (stack overflow and crash) via vectors involving nested WAVEFORMATEX."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-5839",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "[oss-security] 20170201 Multiple memory access issues in gstreamer",
- "refsource" : "MLIST",
- "url" : "http://www.openwall.com/lists/oss-security/2017/02/01/7"
- },
- {
- "name" : "[oss-security] 20170202 Re: Multiple memory access issues in gstreamer",
- "refsource" : "MLIST",
- "url" : "http://www.openwall.com/lists/oss-security/2017/02/02/9"
- },
- {
- "name" : "https://bugzilla.gnome.org/show_bug.cgi?id=777265",
- "refsource" : "CONFIRM",
- "url" : "https://bugzilla.gnome.org/show_bug.cgi?id=777265"
- },
- {
- "name" : "https://gstreamer.freedesktop.org/releases/1.10/#1.10.3",
- "refsource" : "CONFIRM",
- "url" : "https://gstreamer.freedesktop.org/releases/1.10/#1.10.3"
- },
- {
- "name" : "DSA-3819",
- "refsource" : "DEBIAN",
- "url" : "http://www.debian.org/security/2017/dsa-3819"
- },
- {
- "name" : "GLSA-201705-10",
- "refsource" : "GENTOO",
- "url" : "https://security.gentoo.org/glsa/201705-10"
- },
- {
- "name" : "RHSA-2017:2060",
- "refsource" : "REDHAT",
- "url" : "https://access.redhat.com/errata/RHSA-2017:2060"
- },
- {
- "name" : "96001",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/96001"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 does not properly limit recursion, which allows remote attackers to cause a denial of service (stack overflow and crash) via vectors involving nested WAVEFORMATEX."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "96001",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/96001"
+ },
+ {
+ "name": "DSA-3819",
+ "refsource": "DEBIAN",
+ "url": "http://www.debian.org/security/2017/dsa-3819"
+ },
+ {
+ "name": "RHSA-2017:2060",
+ "refsource": "REDHAT",
+ "url": "https://access.redhat.com/errata/RHSA-2017:2060"
+ },
+ {
+ "name": "[oss-security] 20170202 Re: Multiple memory access issues in gstreamer",
+ "refsource": "MLIST",
+ "url": "http://www.openwall.com/lists/oss-security/2017/02/02/9"
+ },
+ {
+ "name": "https://bugzilla.gnome.org/show_bug.cgi?id=777265",
+ "refsource": "CONFIRM",
+ "url": "https://bugzilla.gnome.org/show_bug.cgi?id=777265"
+ },
+ {
+ "name": "https://gstreamer.freedesktop.org/releases/1.10/#1.10.3",
+ "refsource": "CONFIRM",
+ "url": "https://gstreamer.freedesktop.org/releases/1.10/#1.10.3"
+ },
+ {
+ "name": "GLSA-201705-10",
+ "refsource": "GENTOO",
+ "url": "https://security.gentoo.org/glsa/201705-10"
+ },
+ {
+ "name": "[oss-security] 20170201 Multiple memory access issues in gstreamer",
+ "refsource": "MLIST",
+ "url": "http://www.openwall.com/lists/oss-security/2017/02/01/7"
+ }
+ ]
+ }
+}
\ No newline at end of file