From c4b7d939b4b6c511fe1c533a21fc6a3a87170e2d Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 17 Mar 2019 22:47:00 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2001/0xxx/CVE-2001-0007.json | 150 +++++++++--------- 2001/1xxx/CVE-2001-1151.json | 140 ++++++++--------- 2001/1xxx/CVE-2001-1515.json | 130 ++++++++-------- 2006/2xxx/CVE-2006-2247.json | 190 +++++++++++------------ 2006/2xxx/CVE-2006-2622.json | 34 ++-- 2006/2xxx/CVE-2006-2648.json | 190 +++++++++++------------ 2006/6xxx/CVE-2006-6358.json | 170 ++++++++++---------- 2006/6xxx/CVE-2006-6553.json | 160 +++++++++---------- 2006/6xxx/CVE-2006-6647.json | 140 ++++++++--------- 2006/6xxx/CVE-2006-6976.json | 140 ++++++++--------- 2006/6xxx/CVE-2006-6985.json | 120 +++++++-------- 2006/7xxx/CVE-2006-7008.json | 140 ++++++++--------- 2011/0xxx/CVE-2011-0299.json | 34 ++-- 2011/0xxx/CVE-2011-0931.json | 34 ++-- 2011/2xxx/CVE-2011-2360.json | 160 +++++++++---------- 2011/2xxx/CVE-2011-2382.json | 210 ++++++++++++------------- 2011/2xxx/CVE-2011-2612.json | 140 ++++++++--------- 2011/2xxx/CVE-2011-2685.json | 180 +++++++++++----------- 2011/3xxx/CVE-2011-3139.json | 34 ++-- 2011/3xxx/CVE-2011-3770.json | 150 +++++++++--------- 2011/3xxx/CVE-2011-3850.json | 130 ++++++++-------- 2011/3xxx/CVE-2011-3917.json | 140 ++++++++--------- 2011/3xxx/CVE-2011-3963.json | 140 ++++++++--------- 2011/4xxx/CVE-2011-4556.json | 34 ++-- 2011/4xxx/CVE-2011-4850.json | 120 +++++++-------- 2011/4xxx/CVE-2011-4859.json | 180 +++++++++++----------- 2013/1xxx/CVE-2013-1051.json | 140 ++++++++--------- 2013/1xxx/CVE-2013-1849.json | 220 +++++++++++++------------- 2013/1xxx/CVE-2013-1931.json | 34 ++-- 2013/5xxx/CVE-2013-5516.json | 140 ++++++++--------- 2013/5xxx/CVE-2013-5564.json | 120 +++++++-------- 2013/5xxx/CVE-2013-5586.json | 240 ++++++++++++++--------------- 2013/5xxx/CVE-2013-5624.json | 34 ++-- 2013/5xxx/CVE-2013-5735.json | 34 ++-- 2014/2xxx/CVE-2014-2944.json | 34 ++-- 2014/6xxx/CVE-2014-6127.json | 34 ++-- 2014/6xxx/CVE-2014-6405.json | 34 ++-- 2014/6xxx/CVE-2014-6666.json | 140 ++++++++--------- 2014/6xxx/CVE-2014-6973.json | 140 ++++++++--------- 2017/0xxx/CVE-2017-0009.json | 150 +++++++++--------- 2017/0xxx/CVE-2017-0390.json | 176 ++++++++++----------- 2017/0xxx/CVE-2017-0669.json | 132 ++++++++-------- 2017/0xxx/CVE-2017-0977.json | 34 ++-- 2017/1000xxx/CVE-2017-1000476.json | 154 +++++++++--------- 2017/16xxx/CVE-2017-16210.json | 132 ++++++++-------- 2017/16xxx/CVE-2017-16732.json | 120 +++++++-------- 2017/16xxx/CVE-2017-16884.json | 160 +++++++++---------- 2017/1xxx/CVE-2017-1221.json | 148 +++++++++--------- 2017/1xxx/CVE-2017-1261.json | 156 +++++++++---------- 2017/1xxx/CVE-2017-1490.json | 166 ++++++++++---------- 2017/1xxx/CVE-2017-1878.json | 34 ++-- 2017/4xxx/CVE-2017-4391.json | 34 ++-- 2017/4xxx/CVE-2017-4649.json | 34 ++-- 2017/4xxx/CVE-2017-4993.json | 34 ++-- 54 files changed, 3199 insertions(+), 3199 deletions(-) diff --git a/2001/0xxx/CVE-2001-0007.json b/2001/0xxx/CVE-2001-0007.json index 40f490980b1..f9a37639147 100644 --- a/2001/0xxx/CVE-2001-0007.json +++ b/2001/0xxx/CVE-2001-0007.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-0007", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in NetScreen Firewall WebUI allows remote attackers to cause a denial of service via a long URL request to the web administration interface." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-0007", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010109 NSFOCUS SA2001-01: NetScreen Firewall WebUI Buffer Overflow vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/155149" - }, - { - "name" : "2176", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/2176" - }, - { - "name" : "netscreen-webui-bo(5908)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5908" - }, - { - "name" : "1707", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/1707" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in NetScreen Firewall WebUI allows remote attackers to cause a denial of service via a long URL request to the web administration interface." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2176", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/2176" + }, + { + "name": "netscreen-webui-bo(5908)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5908" + }, + { + "name": "1707", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/1707" + }, + { + "name": "20010109 NSFOCUS SA2001-01: NetScreen Firewall WebUI Buffer Overflow vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/155149" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1151.json b/2001/1xxx/CVE-2001-1151.json index ec96656a714..8c961a79510 100644 --- a/2001/1xxx/CVE-2001-1151.json +++ b/2001/1xxx/CVE-2001-1151.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1151", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Trend Micro OfficeScan Corporate Edition (aka Virus Buster) 3.53 allows remote attackers to access sensitive information from the hotdownload directory without authentication, such as the ofcscan.ini configuration file, which contains a weakly encrypted password." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1151", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20011015 [SNS Advisory No.44] Trend Micro OfficeScan Corporate Edition(Virus Buster Corporate Edition)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/220666" - }, - { - "name" : "http://www.trendmicro.co.jp/esolution/solutionDetail.asp?solutionID=318", - "refsource" : "MISC", - "url" : "http://www.trendmicro.co.jp/esolution/solutionDetail.asp?solutionID=318" - }, - { - "name" : "officescan-config-file-access(7286)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7286" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Trend Micro OfficeScan Corporate Edition (aka Virus Buster) 3.53 allows remote attackers to access sensitive information from the hotdownload directory without authentication, such as the ofcscan.ini configuration file, which contains a weakly encrypted password." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.trendmicro.co.jp/esolution/solutionDetail.asp?solutionID=318", + "refsource": "MISC", + "url": "http://www.trendmicro.co.jp/esolution/solutionDetail.asp?solutionID=318" + }, + { + "name": "officescan-config-file-access(7286)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7286" + }, + { + "name": "20011015 [SNS Advisory No.44] Trend Micro OfficeScan Corporate Edition(Virus Buster Corporate Edition)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/220666" + } + ] + } +} \ No newline at end of file diff --git a/2001/1xxx/CVE-2001-1515.json b/2001/1xxx/CVE-2001-1515.json index 415a610a6d1..4ad5877d39a 100644 --- a/2001/1xxx/CVE-2001-1515.json +++ b/2001/1xxx/CVE-2001-1515.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1515", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Macintosh clients, when using NT file system volumes on Windows 2000 SP1, create subdirectories and automatically modify the inherited NTFS permissions, which may cause the directories to have less restrictive permissions than intended." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1515", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "3479", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3479" - }, - { - "name" : "1002626", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1002626" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Macintosh clients, when using NT file system volumes on Windows 2000 SP1, create subdirectories and automatically modify the inherited NTFS permissions, which may cause the directories to have less restrictive permissions than intended." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3479", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3479" + }, + { + "name": "1002626", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1002626" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2247.json b/2006/2xxx/CVE-2006-2247.json index 9dc8c9f9d95..2ab87ed0d9a 100644 --- a/2006/2xxx/CVE-2006-2247.json +++ b/2006/2xxx/CVE-2006-2247.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2247", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebCalendar 1.0.1 to 1.0.3 generates different error messages depending on whether or not a username is valid, which allows remote attackers to enumerate valid usernames." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2247", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060504 WebCalendar User Account Enumeration Weakness", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/433053/100/0/threaded" - }, - { - "name" : "20060505 Re: WebCalendar User Account Enumeration Weakness", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/433077/100/0/threaded" - }, - { - "name" : "DSA-1056", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1056" - }, - { - "name" : "17853", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17853" - }, - { - "name" : "25280", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25280" - }, - { - "name" : "19974", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19974" - }, - { - "name" : "20108", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20108" - }, - { - "name" : "webcalendar-user-information-disclosure(26262)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26262" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebCalendar 1.0.1 to 1.0.3 generates different error messages depending on whether or not a username is valid, which allows remote attackers to enumerate valid usernames." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17853", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17853" + }, + { + "name": "25280", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25280" + }, + { + "name": "DSA-1056", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1056" + }, + { + "name": "webcalendar-user-information-disclosure(26262)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26262" + }, + { + "name": "20108", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20108" + }, + { + "name": "20060505 Re: WebCalendar User Account Enumeration Weakness", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/433077/100/0/threaded" + }, + { + "name": "19974", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19974" + }, + { + "name": "20060504 WebCalendar User Account Enumeration Weakness", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/433053/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2622.json b/2006/2xxx/CVE-2006-2622.json index 0fa0da92fee..c2fc95b9dba 100644 --- a/2006/2xxx/CVE-2006-2622.json +++ b/2006/2xxx/CVE-2006-2622.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2622", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2622", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2648.json b/2006/2xxx/CVE-2006-2648.json index 896e321e15e..4beda7fa672 100644 --- a/2006/2xxx/CVE-2006-2648.json +++ b/2006/2xxx/CVE-2006-2648.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2648", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in perform_search.asp for ASPBB 0.52 and earlier allows remote attackers to inject arbitrary HTML or web script via the search parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2648", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060528 Advisory: ASPBB <= 0.52 (perform_search.asp) XSS vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/435280/100/0/threaded" - }, - { - "name" : "http://www.nukedx.com/?viewdoc=32", - "refsource" : "MISC", - "url" : "http://www.nukedx.com/?viewdoc=32" - }, - { - "name" : "18146", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18146" - }, - { - "name" : "ADV-2006-2027", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2027" - }, - { - "name" : "1016169", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016169" - }, - { - "name" : "20360", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20360" - }, - { - "name" : "983", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/983" - }, - { - "name" : "aspbb-performsearch-xss(26819)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26819" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in perform_search.asp for ASPBB 0.52 and earlier allows remote attackers to inject arbitrary HTML or web script via the search parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1016169", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016169" + }, + { + "name": "20060528 Advisory: ASPBB <= 0.52 (perform_search.asp) XSS vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/435280/100/0/threaded" + }, + { + "name": "18146", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18146" + }, + { + "name": "aspbb-performsearch-xss(26819)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26819" + }, + { + "name": "983", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/983" + }, + { + "name": "http://www.nukedx.com/?viewdoc=32", + "refsource": "MISC", + "url": "http://www.nukedx.com/?viewdoc=32" + }, + { + "name": "20360", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20360" + }, + { + "name": "ADV-2006-2027", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2027" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6358.json b/2006/6xxx/CVE-2006-6358.json index 166f5f84a02..f9d418c1869 100644 --- a/2006/6xxx/CVE-2006-6358.json +++ b/2006/6xxx/CVE-2006-6358.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6358", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the login function in auth.inc in Stefan Frech online-bookmarks 0.6.12 allows remote attackers to execute arbitrary SQL commands via the (1) username and possibly the (2) password parameter. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6358", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061203 Online BookMarks Multiple SQL Injection/XSS Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=116525508018486&w=2" - }, - { - "name" : "http://www.vigilon.com/resources/120406.html", - "refsource" : "MISC", - "url" : "http://www.vigilon.com/resources/120406.html" - }, - { - "name" : "21422", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21422" - }, - { - "name" : "ADV-2006-4849", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4849" - }, - { - "name" : "23169", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23169" - }, - { - "name" : "onlinebookmarks-login-sql-injection(30696)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30696" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the login function in auth.inc in Stefan Frech online-bookmarks 0.6.12 allows remote attackers to execute arbitrary SQL commands via the (1) username and possibly the (2) password parameter. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "23169", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23169" + }, + { + "name": "21422", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21422" + }, + { + "name": "ADV-2006-4849", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4849" + }, + { + "name": "20061203 Online BookMarks Multiple SQL Injection/XSS Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=116525508018486&w=2" + }, + { + "name": "onlinebookmarks-login-sql-injection(30696)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30696" + }, + { + "name": "http://www.vigilon.com/resources/120406.html", + "refsource": "MISC", + "url": "http://www.vigilon.com/resources/120406.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6553.json b/2006/6xxx/CVE-2006-6553.json index 70b640a252b..f756e2857b6 100644 --- a/2006/6xxx/CVE-2006-6553.json +++ b/2006/6xxx/CVE-2006-6553.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6553", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in includes/newssuite_constants.php in the NewsSuite 1.03 module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the mx_root_path parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6553", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2925", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2925" - }, - { - "name" : "21573", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21573" - }, - { - "name" : "ADV-2006-4981", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4981" - }, - { - "name" : "23358", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23358" - }, - { - "name" : "mxbbnewssuite-newssuite-file-include(30855)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30855" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in includes/newssuite_constants.php in the NewsSuite 1.03 module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the mx_root_path parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2925", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2925" + }, + { + "name": "mxbbnewssuite-newssuite-file-include(30855)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30855" + }, + { + "name": "21573", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21573" + }, + { + "name": "ADV-2006-4981", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4981" + }, + { + "name": "23358", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23358" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6647.json b/2006/6xxx/CVE-2006-6647.json index 4d05ca30d16..32fc8a651f3 100644 --- a/2006/6xxx/CVE-2006-6647.json +++ b/2006/6xxx/CVE-2006-6647.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6647", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the MySite 4.7.x before 4.7.x-3.3 and 5.x before 5.x-1.3 module for Drupal allows remote attackers to inject arbitrary web script or HTML via the Title field when editing a page. NOTE: some details were obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6647", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://drupal.org/node/103958", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/103958" - }, - { - "name" : "ADV-2006-5049", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/5049" - }, - { - "name" : "23405", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23405" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the MySite 4.7.x before 4.7.x-3.3 and 5.x before 5.x-1.3 module for Drupal allows remote attackers to inject arbitrary web script or HTML via the Title field when editing a page. NOTE: some details were obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://drupal.org/node/103958", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/103958" + }, + { + "name": "23405", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23405" + }, + { + "name": "ADV-2006-5049", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/5049" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6976.json b/2006/6xxx/CVE-2006-6976.json index 77b53a85392..d6e22343ef3 100644 --- a/2006/6xxx/CVE-2006-6976.json +++ b/2006/6xxx/CVE-2006-6976.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6976", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in centipaid_class.php in CentiPaid 1.4.2 and earlier allows remote attackers to execute arbitrary code via a URL in the absolute_path parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6976", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2555", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2555" - }, - { - "name" : "20070207 true: months-old CentiPaid absolute_path RFI", - "refsource" : "VIM", - "url" : "http://www.attrition.org/pipermail/vim/2007-February/001296.html" - }, - { - "name" : "centipaid-centipaidclass-file-include(29564)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29564" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in centipaid_class.php in CentiPaid 1.4.2 and earlier allows remote attackers to execute arbitrary code via a URL in the absolute_path parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20070207 true: months-old CentiPaid absolute_path RFI", + "refsource": "VIM", + "url": "http://www.attrition.org/pipermail/vim/2007-February/001296.html" + }, + { + "name": "centipaid-centipaidclass-file-include(29564)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29564" + }, + { + "name": "2555", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2555" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6985.json b/2006/6xxx/CVE-2006-6985.json index 6390414da4e..206ac72315e 100644 --- a/2006/6xxx/CVE-2006-6985.json +++ b/2006/6xxx/CVE-2006-6985.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6985", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-domain vulnerability in Maxthon 1.5.6 build 42 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6985", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2006/06/multiple-browsers-information.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2006/06/multiple-browsers-information.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-domain vulnerability in Maxthon 1.5.6 build 42 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://pridels0.blogspot.com/2006/06/multiple-browsers-information.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2006/06/multiple-browsers-information.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/7xxx/CVE-2006-7008.json b/2006/7xxx/CVE-2006-7008.json index 0ee283987ae..693ea2d5d5c 100644 --- a/2006/7xxx/CVE-2006-7008.json +++ b/2006/7xxx/CVE-2006-7008.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-7008", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Joomla! before 1.0.10 has unknown impact and attack vectors, related to \"securing mosmsg from misuse.\" NOTE: it is possible that this issue overlaps CVE-2006-1029." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-7008", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.joomla.org/content/view/1510/74/", - "refsource" : "CONFIRM", - "url" : "http://www.joomla.org/content/view/1510/74/" - }, - { - "name" : "26915", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26915" - }, - { - "name" : "20874", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20874" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Joomla! before 1.0.10 has unknown impact and attack vectors, related to \"securing mosmsg from misuse.\" NOTE: it is possible that this issue overlaps CVE-2006-1029." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "26915", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26915" + }, + { + "name": "http://www.joomla.org/content/view/1510/74/", + "refsource": "CONFIRM", + "url": "http://www.joomla.org/content/view/1510/74/" + }, + { + "name": "20874", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20874" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0299.json b/2011/0xxx/CVE-2011-0299.json index 24679e45799..e0323c3169d 100644 --- a/2011/0xxx/CVE-2011-0299.json +++ b/2011/0xxx/CVE-2011-0299.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0299", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0299", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0931.json b/2011/0xxx/CVE-2011-0931.json index 9d44fe98411..0bf81ad1936 100644 --- a/2011/0xxx/CVE-2011-0931.json +++ b/2011/0xxx/CVE-2011-0931.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0931", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0931", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2360.json b/2011/2xxx/CVE-2011-2360.json index 6528a2d812a..f15268d5e02 100644 --- a/2011/2xxx/CVE-2011-2360.json +++ b/2011/2xxx/CVE-2011-2360.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2360", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome before 13.0.782.107 does not ensure that the user is prompted before download of a dangerous file, which makes it easier for remote attackers to bypass intended content restrictions via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2011-2360", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=79266", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=79266" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html" - }, - { - "name" : "74230", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/74230" - }, - { - "name" : "oval:org.mitre.oval:def:14362", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14362" - }, - { - "name" : "chrome-file-prompt-sec-bypass(68942)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/68942" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome before 13.0.782.107 does not ensure that the user is prompted before download of a dangerous file, which makes it easier for remote attackers to bypass intended content restrictions via a crafted web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html" + }, + { + "name": "74230", + "refsource": "OSVDB", + "url": "http://osvdb.org/74230" + }, + { + "name": "chrome-file-prompt-sec-bypass(68942)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68942" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=79266", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=79266" + }, + { + "name": "oval:org.mitre.oval:def:14362", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14362" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2382.json b/2011/2xxx/CVE-2011-2382.json index 00ac6ed5d7c..aa122b9c093 100644 --- a/2011/2xxx/CVE-2011-2382.json +++ b/2011/2xxx/CVE-2011-2382.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2382", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 8 and earlier, and Internet Explorer 9 beta, does not properly restrict cross-zone drag-and-drop actions, which allows user-assisted remote attackers to read cookie files via vectors involving an IFRAME element with a SRC attribute containing a file: URL, as demonstrated by a Facebook game, related to a \"cookiejacking\" issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2382", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://conference.hackinthebox.org/hitbsecconf2011ams/?page_id=1388", - "refsource" : "MISC", - "url" : "http://conference.hackinthebox.org/hitbsecconf2011ams/?page_id=1388" - }, - { - "name" : "http://ju12.tistory.com/attachment/cfile4.uf@151FAB4C4DDC9E0002A6FE.ppt", - "refsource" : "MISC", - "url" : "http://ju12.tistory.com/attachment/cfile4.uf@151FAB4C4DDC9E0002A6FE.ppt" - }, - { - "name" : "http://news.cnet.com/8301-1009_3-20066419-83.html", - "refsource" : "MISC", - "url" : "http://news.cnet.com/8301-1009_3-20066419-83.html" - }, - { - "name" : "http://www.eweek.com/c/a/Security/IE-Flaw-Lets-Attackers-Steal-Cookies-Access-User-Accounts-402503/", - "refsource" : "MISC", - "url" : "http://www.eweek.com/c/a/Security/IE-Flaw-Lets-Attackers-Steal-Cookies-Access-User-Accounts-402503/" - }, - { - "name" : "http://www.informationweek.com/news/security/vulnerabilities/229700031", - "refsource" : "MISC", - "url" : "http://www.informationweek.com/news/security/vulnerabilities/229700031" - }, - { - "name" : "http://www.networkworld.com/community/node/74259", - "refsource" : "MISC", - "url" : "http://www.networkworld.com/community/node/74259" - }, - { - "name" : "http://www.theregister.co.uk/2011/05/25/microsoft_internet_explorer_cookiejacking/", - "refsource" : "MISC", - "url" : "http://www.theregister.co.uk/2011/05/25/microsoft_internet_explorer_cookiejacking/" - }, - { - "name" : "http://www.youtube.com/watch?v=V95CX-3JpK0", - "refsource" : "MISC", - "url" : "http://www.youtube.com/watch?v=V95CX-3JpK0" - }, - { - "name" : "http://www.youtube.com/watch?v=VsSkcnIFCxM", - "refsource" : "MISC", - "url" : "http://www.youtube.com/watch?v=VsSkcnIFCxM" - }, - { - "name" : "https://sites.google.com/site/tentacoloviola/cookiejacking/Cookiejacking2011_final.ppt", - "refsource" : "MISC", - "url" : "https://sites.google.com/site/tentacoloviola/cookiejacking/Cookiejacking2011_final.ppt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 8 and earlier, and Internet Explorer 9 beta, does not properly restrict cross-zone drag-and-drop actions, which allows user-assisted remote attackers to read cookie files via vectors involving an IFRAME element with a SRC attribute containing a file: URL, as demonstrated by a Facebook game, related to a \"cookiejacking\" issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.informationweek.com/news/security/vulnerabilities/229700031", + "refsource": "MISC", + "url": "http://www.informationweek.com/news/security/vulnerabilities/229700031" + }, + { + "name": "http://conference.hackinthebox.org/hitbsecconf2011ams/?page_id=1388", + "refsource": "MISC", + "url": "http://conference.hackinthebox.org/hitbsecconf2011ams/?page_id=1388" + }, + { + "name": "http://news.cnet.com/8301-1009_3-20066419-83.html", + "refsource": "MISC", + "url": "http://news.cnet.com/8301-1009_3-20066419-83.html" + }, + { + "name": "http://www.eweek.com/c/a/Security/IE-Flaw-Lets-Attackers-Steal-Cookies-Access-User-Accounts-402503/", + "refsource": "MISC", + "url": "http://www.eweek.com/c/a/Security/IE-Flaw-Lets-Attackers-Steal-Cookies-Access-User-Accounts-402503/" + }, + { + "name": "http://www.theregister.co.uk/2011/05/25/microsoft_internet_explorer_cookiejacking/", + "refsource": "MISC", + "url": "http://www.theregister.co.uk/2011/05/25/microsoft_internet_explorer_cookiejacking/" + }, + { + "name": "http://www.youtube.com/watch?v=VsSkcnIFCxM", + "refsource": "MISC", + "url": "http://www.youtube.com/watch?v=VsSkcnIFCxM" + }, + { + "name": "http://ju12.tistory.com/attachment/cfile4.uf@151FAB4C4DDC9E0002A6FE.ppt", + "refsource": "MISC", + "url": "http://ju12.tistory.com/attachment/cfile4.uf@151FAB4C4DDC9E0002A6FE.ppt" + }, + { + "name": "http://www.networkworld.com/community/node/74259", + "refsource": "MISC", + "url": "http://www.networkworld.com/community/node/74259" + }, + { + "name": "http://www.youtube.com/watch?v=V95CX-3JpK0", + "refsource": "MISC", + "url": "http://www.youtube.com/watch?v=V95CX-3JpK0" + }, + { + "name": "https://sites.google.com/site/tentacoloviola/cookiejacking/Cookiejacking2011_final.ppt", + "refsource": "MISC", + "url": "https://sites.google.com/site/tentacoloviola/cookiejacking/Cookiejacking2011_final.ppt" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2612.json b/2011/2xxx/CVE-2011-2612.json index 25dbd816ed1..b55efad1904 100644 --- a/2011/2xxx/CVE-2011-2612.json +++ b/2011/2xxx/CVE-2011-2612.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2612", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via unknown content on a web page, as demonstrated by progorod.ru." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-2612", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.opera.com/docs/changelogs/mac/1150/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/mac/1150/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/unix/1150/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/unix/1150/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/windows/1150/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/windows/1150/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via unknown content on a web page, as demonstrated by progorod.ru." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.opera.com/docs/changelogs/windows/1150/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/windows/1150/" + }, + { + "name": "http://www.opera.com/docs/changelogs/unix/1150/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/unix/1150/" + }, + { + "name": "http://www.opera.com/docs/changelogs/mac/1150/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/mac/1150/" + } + ] + } +} \ No newline at end of file diff --git a/2011/2xxx/CVE-2011-2685.json b/2011/2xxx/CVE-2011-2685.json index f297a334d8b..facdfb84af9 100644 --- a/2011/2xxx/CVE-2011-2685.json +++ b/2011/2xxx/CVE-2011-2685.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-2685", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the Lotus Word Pro import filter in LibreOffice before 3.3.3 allows remote attackers to execute arbitrary code via a crafted .lwp file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-2685", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110706 libreoffice/openoffice.org CVE id request", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/07/06/13" - }, - { - "name" : "[oss-security] 20110712 Re: libreoffice/openoffice.org CVE id request", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/07/12/13" - }, - { - "name" : "http://cgit.freedesktop.org/libreoffice/filters/commit/?id=278831e37a23e9e2e29ca811c3a5398b7c67464d", - "refsource" : "MISC", - "url" : "http://cgit.freedesktop.org/libreoffice/filters/commit/?id=278831e37a23e9e2e29ca811c3a5398b7c67464d" - }, - { - "name" : "http://cgit.freedesktop.org/libreoffice/filters/commit/?id=d93fa011d713100775cd3ac88c468b6830d48877", - "refsource" : "MISC", - "url" : "http://cgit.freedesktop.org/libreoffice/filters/commit/?id=d93fa011d713100775cd3ac88c468b6830d48877" - }, - { - "name" : "MDVSA-2011:172", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:172" - }, - { - "name" : "openSUSE-SU-2011:1143", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2011-10/msg00019.html" - }, - { - "name" : "VU#953183", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/953183" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the Lotus Word Pro import filter in LibreOffice before 3.3.3 allows remote attackers to execute arbitrary code via a crafted .lwp file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2011:1143", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2011-10/msg00019.html" + }, + { + "name": "[oss-security] 20110712 Re: libreoffice/openoffice.org CVE id request", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/07/12/13" + }, + { + "name": "MDVSA-2011:172", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:172" + }, + { + "name": "http://cgit.freedesktop.org/libreoffice/filters/commit/?id=d93fa011d713100775cd3ac88c468b6830d48877", + "refsource": "MISC", + "url": "http://cgit.freedesktop.org/libreoffice/filters/commit/?id=d93fa011d713100775cd3ac88c468b6830d48877" + }, + { + "name": "VU#953183", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/953183" + }, + { + "name": "http://cgit.freedesktop.org/libreoffice/filters/commit/?id=278831e37a23e9e2e29ca811c3a5398b7c67464d", + "refsource": "MISC", + "url": "http://cgit.freedesktop.org/libreoffice/filters/commit/?id=278831e37a23e9e2e29ca811c3a5398b7c67464d" + }, + { + "name": "[oss-security] 20110706 libreoffice/openoffice.org CVE id request", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/07/06/13" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3139.json b/2011/3xxx/CVE-2011-3139.json index 9a1476404b9..090a817fea3 100644 --- a/2011/3xxx/CVE-2011-3139.json +++ b/2011/3xxx/CVE-2011-3139.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3139", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2011-3139", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3770.json b/2011/3xxx/CVE-2011-3770.json index daad8f2d4e0..d808d2ee3cb 100644 --- a/2011/3xxx/CVE-2011-3770.json +++ b/2011/3xxx/CVE-2011-3770.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3770", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "phpAlbum 0.4.1.14 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/Flowing_Dark/parameters.tpl.php and certain other files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3770", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/06/27/6" - }, - { - "name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", - "refsource" : "MISC", - "url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" - }, - { - "name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/phpAlbum_v0.4.1.14.fix06", - "refsource" : "MISC", - "url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/phpAlbum_v0.4.1.14.fix06" - }, - { - "name" : "phpalbum-parameterstpl-path-disclosure(70602)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/70602" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "phpAlbum 0.4.1.14 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/Flowing_Dark/parameters.tpl.php and certain other files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "phpalbum-parameterstpl-path-disclosure(70602)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70602" + }, + { + "name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6" + }, + { + "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/phpAlbum_v0.4.1.14.fix06", + "refsource": "MISC", + "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/phpAlbum_v0.4.1.14.fix06" + }, + { + "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", + "refsource": "MISC", + "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3850.json b/2011/3xxx/CVE-2011-3850.json index ecc97b183cf..a0324cd9f15 100644 --- a/2011/3xxx/CVE-2011-3850.json +++ b/2011/3xxx/CVE-2011-3850.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3850", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Atahualpa theme before 3.6.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3850", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://sitewat.ch/en/Advisories/8", - "refsource" : "MISC", - "url" : "https://sitewat.ch/en/Advisories/8" - }, - { - "name" : "46297", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/46297" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Atahualpa theme before 3.6.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "46297", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/46297" + }, + { + "name": "https://sitewat.ch/en/Advisories/8", + "refsource": "MISC", + "url": "https://sitewat.ch/en/Advisories/8" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3917.json b/2011/3xxx/CVE-2011-3917.json index 92168725c55..7ffe166ed31 100644 --- a/2011/3xxx/CVE-2011-3917.json +++ b/2011/3xxx/CVE-2011-3917.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3917", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in FileWatcher in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2011-3917", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=105162", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=105162" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2011/12/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2011/12/stable-channel-update.html" - }, - { - "name" : "oval:org.mitre.oval:def:14847", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14847" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in FileWatcher in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://googlechromereleases.blogspot.com/2011/12/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2011/12/stable-channel-update.html" + }, + { + "name": "oval:org.mitre.oval:def:14847", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14847" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=105162", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=105162" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3963.json b/2011/3xxx/CVE-2011-3963.json index 128109ecca5..646fc638c52 100644 --- a/2011/3xxx/CVE-2011-3963.json +++ b/2011/3xxx/CVE-2011-3963.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3963", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome before 17.0.963.46 does not properly handle PDF FAX images, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2011-3963", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=109094", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=109094" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2012/02/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2012/02/stable-channel-update.html" - }, - { - "name" : "oval:org.mitre.oval:def:14825", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14825" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome before 17.0.963.46 does not properly handle PDF FAX images, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://code.google.com/p/chromium/issues/detail?id=109094", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=109094" + }, + { + "name": "http://googlechromereleases.blogspot.com/2012/02/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2012/02/stable-channel-update.html" + }, + { + "name": "oval:org.mitre.oval:def:14825", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14825" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4556.json b/2011/4xxx/CVE-2011-4556.json index 2884ea52d5e..c9cd7035e89 100644 --- a/2011/4xxx/CVE-2011-4556.json +++ b/2011/4xxx/CVE-2011-4556.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4556", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4556", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4850.json b/2011/4xxx/CVE-2011-4850.json index 5c5afced270..34e0790f045 100644 --- a/2011/4xxx/CVE-2011-4850.json +++ b/2011/4xxx/CVE-2011-4850.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4850", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, as demonstrated by cookies used by help.php and certain other files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4850", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://xss.cx/kb/parallels/xss-parallelspleskpanel.v10.4.4_build20111103.18-os_windows-2003-2008-reflected-cross-site-scripting-cwe79-capec86-javascript-injection-example-poc-report.html", - "refsource" : "MISC", - "url" : "http://xss.cx/kb/parallels/xss-parallelspleskpanel.v10.4.4_build20111103.18-os_windows-2003-2008-reflected-cross-site-scripting-cwe79-capec86-javascript-injection-example-poc-report.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, as demonstrated by cookies used by help.php and certain other files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://xss.cx/kb/parallels/xss-parallelspleskpanel.v10.4.4_build20111103.18-os_windows-2003-2008-reflected-cross-site-scripting-cwe79-capec86-javascript-injection-example-poc-report.html", + "refsource": "MISC", + "url": "http://xss.cx/kb/parallels/xss-parallelspleskpanel.v10.4.4_build20111103.18-os_windows-2003-2008-reflected-cross-site-scripting-cwe79-capec86-javascript-injection-example-poc-report.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4859.json b/2011/4xxx/CVE-2011-4859.json index 278c4763aa8..584a79dc035 100644 --- a/2011/4xxx/CVE-2011-4859.json +++ b/2011/4xxx/CVE-2011-4859.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4859", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Schneider Electric Quantum Ethernet Module, as used in the Quantum 140NOE771* and 140CPU65* modules, the Premium TSXETY* and TSXP57* modules, the M340 BMXNOE01* and BMXP3420* modules, and the STB DIO STBNIC2212 and STBNIP2* modules, uses hardcoded passwords for the (1) AUTCSE, (2) AUT_CSE, (3) fdrusers, (4) ftpuser, (5) loader, (6) nic2212, (7) nimrohs2212, (8) nip2212, (9) noe77111_v500, (10) ntpupdate, (11) pcfactory, (12) sysdiag, (13) target, (14) test, (15) USER, and (16) webserver accounts, which makes it easier for remote attackers to obtain access via the (a) TELNET, (b) Windriver Debug, or (c) FTP port." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4859", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://reversemode.com/index.php?option=com_content&task=view&id=80&Itemid=1", - "refsource" : "MISC", - "url" : "http://reversemode.com/index.php?option=com_content&task=view&id=80&Itemid=1" - }, - { - "name" : "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-346-01.pdf", - "refsource" : "MISC", - "url" : "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-346-01.pdf" - }, - { - "name" : "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-12-020-03.pdf", - "refsource" : "MISC", - "url" : "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-12-020-03.pdf" - }, - { - "name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-018-01.pdf", - "refsource" : "MISC", - "url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-018-01.pdf" - }, - { - "name" : "51605", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51605" - }, - { - "name" : "47723", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47723" - }, - { - "name" : "schneider-modicon-backdoor(72587)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72587" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Schneider Electric Quantum Ethernet Module, as used in the Quantum 140NOE771* and 140CPU65* modules, the Premium TSXETY* and TSXP57* modules, the M340 BMXNOE01* and BMXP3420* modules, and the STB DIO STBNIC2212 and STBNIP2* modules, uses hardcoded passwords for the (1) AUTCSE, (2) AUT_CSE, (3) fdrusers, (4) ftpuser, (5) loader, (6) nic2212, (7) nimrohs2212, (8) nip2212, (9) noe77111_v500, (10) ntpupdate, (11) pcfactory, (12) sysdiag, (13) target, (14) test, (15) USER, and (16) webserver accounts, which makes it easier for remote attackers to obtain access via the (a) TELNET, (b) Windriver Debug, or (c) FTP port." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-12-020-03.pdf", + "refsource": "MISC", + "url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-12-020-03.pdf" + }, + { + "name": "http://reversemode.com/index.php?option=com_content&task=view&id=80&Itemid=1", + "refsource": "MISC", + "url": "http://reversemode.com/index.php?option=com_content&task=view&id=80&Itemid=1" + }, + { + "name": "51605", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51605" + }, + { + "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-018-01.pdf", + "refsource": "MISC", + "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-018-01.pdf" + }, + { + "name": "47723", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47723" + }, + { + "name": "schneider-modicon-backdoor(72587)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72587" + }, + { + "name": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-346-01.pdf", + "refsource": "MISC", + "url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-346-01.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1051.json b/2013/1xxx/CVE-2013-1051.json index 8d27d4a06c0..053e8b235c4 100644 --- a/2013/1xxx/CVE-2013-1051.json +++ b/2013/1xxx/CVE-2013-1051.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1051", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "apt 0.8.16, 0.9.7, and possibly other versions does not properly handle InRelease files, which allows man-in-the-middle attackers to modify packages before installation via unknown vectors, possibly related to integrity checking and the use of third-party repositories." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@ubuntu.com", + "ID": "CVE-2013-1051", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "USN-1762-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1762-1" - }, - { - "name" : "91428", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/91428" - }, - { - "name" : "52633", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/52633" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "apt 0.8.16, 0.9.7, and possibly other versions does not properly handle InRelease files, which allows man-in-the-middle attackers to modify packages before installation via unknown vectors, possibly related to integrity checking and the use of third-party repositories." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "91428", + "refsource": "OSVDB", + "url": "http://osvdb.org/91428" + }, + { + "name": "USN-1762-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1762-1" + }, + { + "name": "52633", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/52633" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1849.json b/2013/1xxx/CVE-2013-1849.json index 067be78ce1d..59c2a416ff4 100644 --- a/2013/1xxx/CVE-2013-1849.json +++ b/2013/1xxx/CVE-2013-1849.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1849", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-1849", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130305 Apache Subversion mod_dav_svn DoS via\tMKACTIVITY/PROPFIND", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2013/Mar/56" - }, - { - "name" : "[subversion-announce] 20130404 Apache Subversion 1.7.9 released", - "refsource" : "MLIST", - "url" : "http://mail-archives.apache.org/mod_mbox/subversion-announce/201304.mbox/%3CCADkdwvRoyVrZV12tgC0FMGrc6%2BMisd3qTcZ%2BDdpFGgTahkgAkQ%40mail.gmail.com%3E" - }, - { - "name" : "[subversion-announce] 20130404 Subversion 1.6.21 released", - "refsource" : "MLIST", - "url" : "http://mail-archives.apache.org/mod_mbox/subversion-announce/201304.mbox/%3CCADkdwvSTMLbn4q_KM3Ph2UOeSiPGhEK4%3DSvwEjaHW_GUGkYWPQ%40mail.gmail.com%3E" - }, - { - "name" : "http://subversion.apache.org/security/CVE-2013-1849-advisory.txt", - "refsource" : "CONFIRM", - "url" : "http://subversion.apache.org/security/CVE-2013-1849-advisory.txt" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=929093", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=929093" - }, - { - "name" : "MDVSA-2013:153", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:153" - }, - { - "name" : "RHSA-2013:0737", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0737.html" - }, - { - "name" : "openSUSE-SU-2013:0687", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-04/msg00095.html" - }, - { - "name" : "openSUSE-SU-2013:0932", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-06/msg00069.html" - }, - { - "name" : "USN-1893-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1893-1" - }, - { - "name" : "oval:org.mitre.oval:def:18980", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18980" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20130305 Apache Subversion mod_dav_svn DoS via\tMKACTIVITY/PROPFIND", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2013/Mar/56" + }, + { + "name": "oval:org.mitre.oval:def:18980", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18980" + }, + { + "name": "openSUSE-SU-2013:0687", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00095.html" + }, + { + "name": "RHSA-2013:0737", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0737.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=929093", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=929093" + }, + { + "name": "[subversion-announce] 20130404 Subversion 1.6.21 released", + "refsource": "MLIST", + "url": "http://mail-archives.apache.org/mod_mbox/subversion-announce/201304.mbox/%3CCADkdwvSTMLbn4q_KM3Ph2UOeSiPGhEK4%3DSvwEjaHW_GUGkYWPQ%40mail.gmail.com%3E" + }, + { + "name": "[subversion-announce] 20130404 Apache Subversion 1.7.9 released", + "refsource": "MLIST", + "url": "http://mail-archives.apache.org/mod_mbox/subversion-announce/201304.mbox/%3CCADkdwvRoyVrZV12tgC0FMGrc6%2BMisd3qTcZ%2BDdpFGgTahkgAkQ%40mail.gmail.com%3E" + }, + { + "name": "http://subversion.apache.org/security/CVE-2013-1849-advisory.txt", + "refsource": "CONFIRM", + "url": "http://subversion.apache.org/security/CVE-2013-1849-advisory.txt" + }, + { + "name": "USN-1893-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1893-1" + }, + { + "name": "openSUSE-SU-2013:0932", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00069.html" + }, + { + "name": "MDVSA-2013:153", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:153" + } + ] + } +} \ No newline at end of file diff --git a/2013/1xxx/CVE-2013-1931.json b/2013/1xxx/CVE-2013-1931.json index 6979efbbbd0..bcc5c784138 100644 --- a/2013/1xxx/CVE-2013-1931.json +++ b/2013/1xxx/CVE-2013-1931.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-1931", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-1931", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5516.json b/2013/5xxx/CVE-2013-5516.json index 8648285be72..4f0e57f4593 100644 --- a/2013/5xxx/CVE-2013-5516.json +++ b/2013/5xxx/CVE-2013-5516.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5516", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Media Snapshot implementation on Cisco TelePresence Multipoint Switch (CTMS) devices allows remote authenticated users to cause a denial of service (device reload) by sending many Media Snapshot requests at the time of a meeting termination, aka Bug ID CSCuh44796." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2013-5516", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=31028", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=31028" - }, - { - "name" : "20130930 Cisco TelePresence Multipoint Switch Media Snapshot Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5516" - }, - { - "name" : "1029109", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029109" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Media Snapshot implementation on Cisco TelePresence Multipoint Switch (CTMS) devices allows remote authenticated users to cause a denial of service (device reload) by sending many Media Snapshot requests at the time of a meeting termination, aka Bug ID CSCuh44796." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=31028", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=31028" + }, + { + "name": "1029109", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029109" + }, + { + "name": "20130930 Cisco TelePresence Multipoint Switch Media Snapshot Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5516" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5564.json b/2013/5xxx/CVE-2013-5564.json index cda68243b46..f7f78b9a371 100644 --- a/2013/5xxx/CVE-2013-5564.json +++ b/2013/5xxx/CVE-2013-5564.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5564", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Java process in the Impact server in Cisco Prime Central for Hosted Collaboration Solution (HCS) allows remote attackers to cause a denial of service (process crash) via a flood of TCP packets, aka Bug ID CSCug57345." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2013-5564", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20131101 Cisco Prime Central for Hosted Collaboration Solution Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5564" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Java process in the Impact server in Cisco Prime Central for Hosted Collaboration Solution (HCS) allows remote attackers to cause a denial of service (process crash) via a flood of TCP packets, aka Bug ID CSCug57345." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20131101 Cisco Prime Central for Hosted Collaboration Solution Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5564" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5586.json b/2013/5xxx/CVE-2013-5586.json index bab36115c18..18e1767921f 100644 --- a/2013/5xxx/CVE-2013-5586.json +++ b/2013/5xxx/CVE-2013-5586.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5586", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in wikka.php in WikkaWiki before 1.3.4-p1 allows remote attackers to inject arbitrary web script or HTML via the wakka parameter to sql/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5586", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130911 Cross-Site Scripting (XSS) in WikkaWiki", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2013-09/0048.html" - }, - { - "name" : "20130911 Cross-Site Scripting (XSS) in WikkaWiki", - "refsource" : "BUGTRAQ", - "url" : "http://seclists.org/bugtraq/2013/Sep/47" - }, - { - "name" : "http://packetstormsecurity.com/files/123196", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/123196" - }, - { - "name" : "https://www.htbridge.com/advisory/HTB23170", - "refsource" : "MISC", - "url" : "https://www.htbridge.com/advisory/HTB23170" - }, - { - "name" : "http://docs.wikkawiki.org/WhatsNew134", - "refsource" : "CONFIRM", - "url" : "http://docs.wikkawiki.org/WhatsNew134" - }, - { - "name" : "https://wush.net/trac/wikka/changeset/1896", - "refsource" : "CONFIRM", - "url" : "https://wush.net/trac/wikka/changeset/1896" - }, - { - "name" : "https://wush.net/trac/wikka/changeset/1900", - "refsource" : "CONFIRM", - "url" : "https://wush.net/trac/wikka/changeset/1900" - }, - { - "name" : "https://wush.net/trac/wikka/ticket/1152", - "refsource" : "CONFIRM", - "url" : "https://wush.net/trac/wikka/ticket/1152" - }, - { - "name" : "https://wush.net/trac/wikka/ticket/1153", - "refsource" : "CONFIRM", - "url" : "https://wush.net/trac/wikka/ticket/1153" - }, - { - "name" : "62325", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/62325" - }, - { - "name" : "97183", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/97183" - }, - { - "name" : "54790", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54790" - }, - { - "name" : "wikkawiki-cve20135586-xss(87013)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/87013" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in wikka.php in WikkaWiki before 1.3.4-p1 allows remote attackers to inject arbitrary web script or HTML via the wakka parameter to sql/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wush.net/trac/wikka/ticket/1152", + "refsource": "CONFIRM", + "url": "https://wush.net/trac/wikka/ticket/1152" + }, + { + "name": "wikkawiki-cve20135586-xss(87013)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87013" + }, + { + "name": "https://wush.net/trac/wikka/changeset/1896", + "refsource": "CONFIRM", + "url": "https://wush.net/trac/wikka/changeset/1896" + }, + { + "name": "http://packetstormsecurity.com/files/123196", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/123196" + }, + { + "name": "https://wush.net/trac/wikka/changeset/1900", + "refsource": "CONFIRM", + "url": "https://wush.net/trac/wikka/changeset/1900" + }, + { + "name": "20130911 Cross-Site Scripting (XSS) in WikkaWiki", + "refsource": "BUGTRAQ", + "url": "http://seclists.org/bugtraq/2013/Sep/47" + }, + { + "name": "http://docs.wikkawiki.org/WhatsNew134", + "refsource": "CONFIRM", + "url": "http://docs.wikkawiki.org/WhatsNew134" + }, + { + "name": "20130911 Cross-Site Scripting (XSS) in WikkaWiki", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2013-09/0048.html" + }, + { + "name": "97183", + "refsource": "OSVDB", + "url": "http://osvdb.org/97183" + }, + { + "name": "62325", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/62325" + }, + { + "name": "54790", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54790" + }, + { + "name": "https://www.htbridge.com/advisory/HTB23170", + "refsource": "MISC", + "url": "https://www.htbridge.com/advisory/HTB23170" + }, + { + "name": "https://wush.net/trac/wikka/ticket/1153", + "refsource": "CONFIRM", + "url": "https://wush.net/trac/wikka/ticket/1153" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5624.json b/2013/5xxx/CVE-2013-5624.json index 41fb7184655..bc23fff6aff 100644 --- a/2013/5xxx/CVE-2013-5624.json +++ b/2013/5xxx/CVE-2013-5624.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5624", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: A public posting on 20130831 referenced this ID for a specific issue, but that issue had not been assigned this ID by any CNA. Notes: The posting will later have IDs assigned in accordance with CVE content decisions." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-5624", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: A public posting on 20130831 referenced this ID for a specific issue, but that issue had not been assigned this ID by any CNA. Notes: The posting will later have IDs assigned in accordance with CVE content decisions." + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5735.json b/2013/5xxx/CVE-2013-5735.json index 970dd32de98..1542f9c84db 100644 --- a/2013/5xxx/CVE-2013-5735.json +++ b/2013/5xxx/CVE-2013-5735.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5735", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5735", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2944.json b/2014/2xxx/CVE-2014-2944.json index e6681fb5928..2355d43edfd 100644 --- a/2014/2xxx/CVE-2014-2944.json +++ b/2014/2xxx/CVE-2014-2944.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2944", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-2944", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6127.json b/2014/6xxx/CVE-2014-6127.json index 028a9628e2d..befa270dde6 100644 --- a/2014/6xxx/CVE-2014-6127.json +++ b/2014/6xxx/CVE-2014-6127.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6127", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-6127", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6405.json b/2014/6xxx/CVE-2014-6405.json index cd291604df5..54872529663 100644 --- a/2014/6xxx/CVE-2014-6405.json +++ b/2014/6xxx/CVE-2014-6405.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6405", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-6405", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6666.json b/2014/6xxx/CVE-2014-6666.json index 1cdbe0a4a31..4b96a0e932b 100644 --- a/2014/6xxx/CVE-2014-6666.json +++ b/2014/6xxx/CVE-2014-6666.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6666", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Baglamukhi (aka com.wshribaglamukhiblog) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6666", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#589537", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/589537" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Baglamukhi (aka com.wshribaglamukhiblog) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#589537", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/589537" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6973.json b/2014/6xxx/CVE-2014-6973.json index 929e68b7ed9..c9a353d976b 100644 --- a/2014/6xxx/CVE-2014-6973.json +++ b/2014/6xxx/CVE-2014-6973.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6973", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Care4Kids (aka com.codetherapy.care4kids) application 1.03 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6973", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#543689", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/543689" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Care4Kids (aka com.codetherapy.care4kids) application 1.03 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#543689", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/543689" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0009.json b/2017/0xxx/CVE-2017-0009.json index 82c7f5c68c7..dd91cb5ed92 100644 --- a/2017/0xxx/CVE-2017-0009.json +++ b/2017/0xxx/CVE-2017-0009.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-0009", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Browser", - "version" : { - "version_data" : [ - { - "version_value" : "Internet Explorer 9 through 11 and Edge" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka \"Microsoft Browser Memory Corruption Vulnerability.\" This vulnerability is different from those described in CVE-2017-0011, CVE-2017-0017, CVE-2017-0065, and CVE-2017-0068." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-0009", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Browser", + "version": { + "version_data": [ + { + "version_value": "Internet Explorer 9 through 11 and Edge" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.security-assessment.com/files/documents/advisory/comparestring_infoleak.pdf", - "refsource" : "MISC", - "url" : "http://www.security-assessment.com/files/documents/advisory/comparestring_infoleak.pdf" - }, - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0009", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0009" - }, - { - "name" : "96077", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96077" - }, - { - "name" : "1038006", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038006" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka \"Microsoft Browser Memory Corruption Vulnerability.\" This vulnerability is different from those described in CVE-2017-0011, CVE-2017-0017, CVE-2017-0065, and CVE-2017-0068." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96077", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96077" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0009", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0009" + }, + { + "name": "http://www.security-assessment.com/files/documents/advisory/comparestring_infoleak.pdf", + "refsource": "MISC", + "url": "http://www.security-assessment.com/files/documents/advisory/comparestring_infoleak.pdf" + }, + { + "name": "1038006", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038006" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0390.json b/2017/0xxx/CVE-2017-0390.json index aa3839b5577..c3899d338eb 100644 --- a/2017/0xxx/CVE-2017-0390.json +++ b/2017/0xxx/CVE-2017-0390.json @@ -1,90 +1,90 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-0390", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android-4.4.4" - }, - { - "version_value" : "Android-5.0.2" - }, - { - "version_value" : "Android-5.1.1" - }, - { - "version_value" : "Android-6.0" - }, - { - "version_value" : "Android-6.0.1" - }, - { - "version_value" : "Android-7.0" - }, - { - "version_value" : "Android-7.1.1" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A denial of service vulnerability in Tremolo/dpen.s in Mediaserver could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-31647370." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of service" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2017-0390", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-4.4.4" + }, + { + "version_value": "Android-5.0.2" + }, + { + "version_value": "Android-5.1.1" + }, + { + "version_value": "Android-6.0" + }, + { + "version_value": "Android-6.0.1" + }, + { + "version_value": "Android-7.0" + }, + { + "version_value": "Android-7.1.1" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://android.googlesource.com/platform/external/tremolo/+/5dc99237d49e73c27d3eca54f6ccd97d13f94de0", - "refsource" : "CONFIRM", - "url" : "https://android.googlesource.com/platform/external/tremolo/+/5dc99237d49e73c27d3eca54f6ccd97d13f94de0" - }, - { - "name" : "https://source.android.com/security/bulletin/2017-01-01.html", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-01-01.html" - }, - { - "name" : "95230", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95230" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A denial of service vulnerability in Tremolo/dpen.s in Mediaserver could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-31647370." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-01-01.html", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-01-01.html" + }, + { + "name": "95230", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95230" + }, + { + "name": "https://android.googlesource.com/platform/external/tremolo/+/5dc99237d49e73c27d3eca54f6ccd97d13f94de0", + "refsource": "CONFIRM", + "url": "https://android.googlesource.com/platform/external/tremolo/+/5dc99237d49e73c27d3eca54f6ccd97d13f94de0" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0669.json b/2017/0xxx/CVE-2017-0669.json index 5d5359f983f..bb87020c6e8 100644 --- a/2017/0xxx/CVE-2017-0669.json +++ b/2017/0xxx/CVE-2017-0669.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2017-07-05T00:00:00", - "ID" : "CVE-2017-0669", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A information disclosure vulnerability in the Android framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34114752." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2017-07-05T00:00:00", + "ID": "CVE-2017-0669", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-07-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-07-01" - }, - { - "name" : "99470", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99470" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A information disclosure vulnerability in the Android framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34114752." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99470", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99470" + }, + { + "name": "https://source.android.com/security/bulletin/2017-07-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-07-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0977.json b/2017/0xxx/CVE-2017-0977.json index 445756d9410..e8376050a83 100644 --- a/2017/0xxx/CVE-2017-0977.json +++ b/2017/0xxx/CVE-2017-0977.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-0977", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-0977", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000476.json b/2017/1000xxx/CVE-2017-1000476.json index f1b3eca67c8..50f18931d90 100644 --- a/2017/1000xxx/CVE-2017-1000476.json +++ b/2017/1000xxx/CVE-2017-1000476.json @@ -1,79 +1,79 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-12-29", - "ID" : "CVE-2017-1000476", - "REQUESTER" : "zhouzhen@nsfocus.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "ImageMagick", - "version" : { - "version_data" : [ - { - "version_value" : "ImageMagick 7.0.7-12 Q16" - } - ] - } - } - ] - }, - "vendor_name" : "ImageMagick Studio LLC" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was found in the function ReadDDSInfo in coders/dds.c, which allows attackers to cause a denial of service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "denial of service" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-12-29", + "ID": "CVE-2017-1000476", + "REQUESTER": "zhouzhen@nsfocus.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180104 [SECURITY] [DLA 1229-1] imagemagick security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/01/msg00002.html" - }, - { - "name" : "https://github.com/ImageMagick/ImageMagick/issues/867", - "refsource" : "MISC", - "url" : "https://github.com/ImageMagick/ImageMagick/issues/867" - }, - { - "name" : "USN-3681-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3681-1/" - }, - { - "name" : "102428", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102428" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was found in the function ReadDDSInfo in coders/dds.c, which allows attackers to cause a denial of service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3681-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3681-1/" + }, + { + "name": "[debian-lts-announce] 20180104 [SECURITY] [DLA 1229-1] imagemagick security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00002.html" + }, + { + "name": "102428", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102428" + }, + { + "name": "https://github.com/ImageMagick/ImageMagick/issues/867", + "refsource": "MISC", + "url": "https://github.com/ImageMagick/ImageMagick/issues/867" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16210.json b/2017/16xxx/CVE-2017-16210.json index cc046396de5..efa86b550a1 100644 --- a/2017/16xxx/CVE-2017-16210.json +++ b/2017/16xxx/CVE-2017-16210.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2017-16210", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "jn_jj_server node module", - "version" : { - "version_data" : [ - { - "version_value" : "All versions" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "jn_jj_server is a static file server. jn_jj_server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing \"../\" in the url." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Path Traversal (CWE-22)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2017-16210", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "jn_jj_server node module", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/jn_jj_server", - "refsource" : "MISC", - "url" : "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/jn_jj_server" - }, - { - "name" : "https://nodesecurity.io/advisories/424", - "refsource" : "MISC", - "url" : "https://nodesecurity.io/advisories/424" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "jn_jj_server is a static file server. jn_jj_server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing \"../\" in the url." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Path Traversal (CWE-22)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nodesecurity.io/advisories/424", + "refsource": "MISC", + "url": "https://nodesecurity.io/advisories/424" + }, + { + "name": "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/jn_jj_server", + "refsource": "MISC", + "url": "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/jn_jj_server" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16732.json b/2017/16xxx/CVE-2017-16732.json index 87adb9695b0..9d61791975c 100644 --- a/2017/16xxx/CVE-2017-16732.json +++ b/2017/16xxx/CVE-2017-16732.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "ID" : "CVE-2017-16732", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Advantech WebAccess", - "version" : { - "version_data" : [ - { - "version_value" : "Advantech WebAccess" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A use-after-free issue was discovered in Advantech WebAccess versions prior to 8.3. WebAccess allows an unauthenticated attacker to specify an arbitrary address." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-416" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2017-16732", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Advantech WebAccess", + "version": { + "version_data": [ + { + "version_value": "Advantech WebAccess" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-004-02A", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-004-02A" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A use-after-free issue was discovered in Advantech WebAccess versions prior to 8.3. WebAccess allows an unauthenticated attacker to specify an arbitrary address." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-004-02A", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-004-02A" + } + ] + } +} \ No newline at end of file diff --git a/2017/16xxx/CVE-2017-16884.json b/2017/16xxx/CVE-2017-16884.json index 6242f10f244..7787629cf6b 100644 --- a/2017/16xxx/CVE-2017-16884.json +++ b/2017/16xxx/CVE-2017-16884.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-16884", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in MistServer before 2.13 allows remote attackers to inject arbitrary web script or HTML via vectors related to failed authentication requests alerts." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-16884", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43205", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43205/" - }, - { - "name" : "20171201 Mist Server v2.12 Unauthenticated Persistent XSS CVE-2017-16884", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2017/Dec/2" - }, - { - "name" : "http://hyp3rlinx.altervista.org/advisories/MIST-SERVER-v2.12-UNAUTHENTICATED-PERSISTENT-XSS-CVE-2017-16884.txt", - "refsource" : "MISC", - "url" : "http://hyp3rlinx.altervista.org/advisories/MIST-SERVER-v2.12-UNAUTHENTICATED-PERSISTENT-XSS-CVE-2017-16884.txt" - }, - { - "name" : "http://packetstormsecurity.com/files/145182/MistServer-2.12-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/145182/MistServer-2.12-Cross-Site-Scripting.html" - }, - { - "name" : "https://news.mistserver.org/news/78/Stable+release+2.13+now+available%21", - "refsource" : "CONFIRM", - "url" : "https://news.mistserver.org/news/78/Stable+release+2.13+now+available%21" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in MistServer before 2.13 allows remote attackers to inject arbitrary web script or HTML via vectors related to failed authentication requests alerts." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/145182/MistServer-2.12-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/145182/MistServer-2.12-Cross-Site-Scripting.html" + }, + { + "name": "20171201 Mist Server v2.12 Unauthenticated Persistent XSS CVE-2017-16884", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2017/Dec/2" + }, + { + "name": "http://hyp3rlinx.altervista.org/advisories/MIST-SERVER-v2.12-UNAUTHENTICATED-PERSISTENT-XSS-CVE-2017-16884.txt", + "refsource": "MISC", + "url": "http://hyp3rlinx.altervista.org/advisories/MIST-SERVER-v2.12-UNAUTHENTICATED-PERSISTENT-XSS-CVE-2017-16884.txt" + }, + { + "name": "43205", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43205/" + }, + { + "name": "https://news.mistserver.org/news/78/Stable+release+2.13+now+available%21", + "refsource": "CONFIRM", + "url": "https://news.mistserver.org/news/78/Stable+release+2.13+now+available%21" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1221.json b/2017/1xxx/CVE-2017-1221.json index ea1c7912b53..b8a7370755d 100644 --- a/2017/1xxx/CVE-2017-1221.json +++ b/2017/1xxx/CVE-2017-1221.json @@ -1,76 +1,76 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2017-10-31T00:00:00", - "ID" : "CVE-2017-1221", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "BigFix Platform", - "version" : { - "version_data" : [ - { - "version_value" : "9.2" - }, - { - "version_value" : "9.5" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Tivoli Endpoint Manager (IBM BigFix 9.2 and 9.5) does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 123861." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2017-10-31T00:00:00", + "ID": "CVE-2017-1221", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "BigFix Platform", + "version": { + "version_data": [ + { + "version_value": "9.2" + }, + { + "version_value": "9.5" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/123861", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/123861" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22010177", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22010177" - }, - { - "name" : "101683", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101683" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Tivoli Endpoint Manager (IBM BigFix 9.2 and 9.5) does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 123861." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "101683", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101683" + }, + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123861", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123861" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22010177", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22010177" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1261.json b/2017/1xxx/CVE-2017-1261.json index 4567c509306..43db11cdf99 100644 --- a/2017/1xxx/CVE-2017-1261.json +++ b/2017/1xxx/CVE-2017-1261.json @@ -1,80 +1,80 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2017-12-18T00:00:00", - "ID" : "CVE-2017-1261", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Security Guardium", - "version" : { - "version_data" : [ - { - "version_value" : "10.0" - }, - { - "version_value" : "10.0.1" - }, - { - "version_value" : "10.1" - }, - { - "version_value" : "10.1.2" - }, - { - "version_value" : "10.1.3" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Security Guardium 10.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 124736." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2017-12-18T00:00:00", + "ID": "CVE-2017-1261", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Security Guardium", + "version": { + "version_data": [ + { + "version_value": "10.0" + }, + { + "version_value": "10.0.1" + }, + { + "version_value": "10.1" + }, + { + "version_value": "10.1.2" + }, + { + "version_value": "10.1.3" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/124736", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/124736" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22010437", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22010437" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Security Guardium 10.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 124736." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22010437", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22010437" + }, + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124736", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/124736" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1490.json b/2017/1xxx/CVE-2017-1490.json index cdecd83e2d7..a5cf9e00d78 100644 --- a/2017/1xxx/CVE-2017-1490.json +++ b/2017/1xxx/CVE-2017-1490.json @@ -1,85 +1,85 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2017-09-12T00:00:00", - "ID" : "CVE-2017-1490", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Jazz Reporting Service", - "version" : { - "version_data" : [ - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "6.0.2" - }, - { - "version_value" : "6.0.3" - }, - { - "version_value" : "6.0.4" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An unspecified vulnerability in the Lifecycle Query Engine of Jazz Reporting Service 6.0 through 6.0.4 could disclose highly sensitive information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2017-09-12T00:00:00", + "ID": "CVE-2017-1490", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Jazz Reporting Service", + "version": { + "version_data": [ + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "6.0.2" + }, + { + "version_value": "6.0.3" + }, + { + "version_value": "6.0.4" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/128688", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/128688" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22008253", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22008253" - }, - { - "name" : "100835", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100835" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An unspecified vulnerability in the Lifecycle Query Engine of Jazz Reporting Service 6.0 through 6.0.4 could disclose highly sensitive information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22008253", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22008253" + }, + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128688", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128688" + }, + { + "name": "100835", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100835" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1878.json b/2017/1xxx/CVE-2017-1878.json index 3930b9912e4..a54b3e48fae 100644 --- a/2017/1xxx/CVE-2017-1878.json +++ b/2017/1xxx/CVE-2017-1878.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1878", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-1878", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4391.json b/2017/4xxx/CVE-2017-4391.json index 73111318dd2..099b323dc1c 100644 --- a/2017/4xxx/CVE-2017-4391.json +++ b/2017/4xxx/CVE-2017-4391.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4391", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4391", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4649.json b/2017/4xxx/CVE-2017-4649.json index 9aef84571b8..b6bb7c9312b 100644 --- a/2017/4xxx/CVE-2017-4649.json +++ b/2017/4xxx/CVE-2017-4649.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4649", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4649", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4993.json b/2017/4xxx/CVE-2017-4993.json index 9adf607111a..7458fd3e364 100644 --- a/2017/4xxx/CVE-2017-4993.json +++ b/2017/4xxx/CVE-2017-4993.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-4993", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-4993", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file