From c91d955b60c0bcc9162d1da35da80714b59ed28f Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Mon, 18 Mar 2019 03:53:44 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2006/0xxx/CVE-2006-0561.json | 200 +++++++++++------------
 2006/3xxx/CVE-2006-3034.json | 160 +++++++++---------
 2006/3xxx/CVE-2006-3687.json | 220 ++++++++++++-------------
 2006/3xxx/CVE-2006-3856.json | 200 +++++++++++------------
 2006/3xxx/CVE-2006-3907.json | 190 ++++++++++-----------
 2006/3xxx/CVE-2006-3981.json | 130 +++++++--------
 2006/4xxx/CVE-2006-4241.json | 150 ++++++++---------
 2006/4xxx/CVE-2006-4477.json | 290 ++++++++++++++++-----------------
 2006/4xxx/CVE-2006-4658.json | 160 +++++++++---------
 2006/4xxx/CVE-2006-4907.json | 150 ++++++++---------
 2006/6xxx/CVE-2006-6242.json | 160 +++++++++---------
 2006/6xxx/CVE-2006-6697.json | 200 +++++++++++------------
 2006/7xxx/CVE-2006-7003.json | 130 +++++++--------
 2010/2xxx/CVE-2010-2305.json | 150 ++++++++---------
 2010/2xxx/CVE-2010-2373.json | 120 +++++++-------
 2010/2xxx/CVE-2010-2841.json | 130 +++++++--------
 2010/2xxx/CVE-2010-2976.json | 120 +++++++-------
 2010/3xxx/CVE-2010-3631.json | 160 +++++++++---------
 2011/0xxx/CVE-2011-0437.json | 200 +++++++++++------------
 2011/0xxx/CVE-2011-0503.json | 160 +++++++++---------
 2011/0xxx/CVE-2011-0768.json | 34 ++--
 2011/0xxx/CVE-2011-0770.json | 150 ++++++++---------
 2011/1xxx/CVE-2011-1053.json | 140 ++++++++--------
 2011/1xxx/CVE-2011-1468.json | 200 +++++++++++------------
 2011/1xxx/CVE-2011-1627.json | 34 ++--
 2011/1xxx/CVE-2011-1863.json | 180 ++++++++++----------
 2011/4xxx/CVE-2011-4372.json | 150 ++++++++---------
 2011/4xxx/CVE-2011-4764.json | 130 +++++++--------
 2011/5xxx/CVE-2011-5038.json | 140 ++++++++--------
 2011/5xxx/CVE-2011-5302.json | 120 +++++++-------
 2014/2xxx/CVE-2014-2617.json | 160 +++++++++---------
 2014/2xxx/CVE-2014-2620.json | 160 +++++++++---------
 2014/3xxx/CVE-2014-3134.json | 160 +++++++++---------
 2014/3xxx/CVE-2014-3294.json | 140 ++++++++--------
 2014/3xxx/CVE-2014-3624.json | 140 ++++++++--------
 2014/3xxx/CVE-2014-3850.json | 130 +++++++--------
 2014/6xxx/CVE-2014-6500.json | 200 +++++++++++------------
 2014/6xxx/CVE-2014-6514.json | 140 ++++++++--------
 2014/6xxx/CVE-2014-6632.json | 140 ++++++++--------
 2014/7xxx/CVE-2014-7566.json | 140 ++++++++--------
 2014/7xxx/CVE-2014-7753.json | 140 ++++++++--------
 2014/7xxx/CVE-2014-7914.json | 34 ++--
 2016/2xxx/CVE-2016-2091.json | 130 +++++++--------
 2016/2xxx/CVE-2016-2303.json | 120 +++++++-------
 2016/2xxx/CVE-2016-2539.json | 140 ++++++++--------
 2016/2xxx/CVE-2016-2628.json | 34 ++--
 2016/2xxx/CVE-2016-2888.json | 120 +++++++-------
 2017/18xxx/CVE-2017-18185.json | 140 ++++++++--------
 2017/18xxx/CVE-2017-18256.json | 130 +++++++--------
 2017/1xxx/CVE-2017-1046.json | 34 ++--
 2017/1xxx/CVE-2017-1407.json | 148 ++++++++---------
 2017/1xxx/CVE-2017-1619.json | 34 ++--
 2017/1xxx/CVE-2017-1864.json | 34 ++--
 2017/5xxx/CVE-2017-5681.json | 120 +++++++-------
 2017/5xxx/CVE-2017-5763.json | 34 ++--
 55 files changed, 3780 insertions(+), 3780 deletions(-)

diff --git a/2006/0xxx/CVE-2006-0561.json b/2006/0xxx/CVE-2006-0561.json
index ca9e2ae69d8..9834ace5731 100644
--- a/2006/0xxx/CVE-2006-0561.json
+++ b/2006/0xxx/CVE-2006-0561.json
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0561", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Secure Access Control Server (ACS) 3.x for Windows stores ACS administrator passwords and the master key in the registry with insecure permissions, which allows local users and remote administrators to decrypt the passwords by using Microsoft's cryptographic API functions to obtain the plaintext version of the master key." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0561", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060508 SYMSA-2006-003: Cisco Secure ACS for Windows - Administrator Password Disclosure", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/433286/100/0/threaded" - }, - { - "name" : "20060508 Re: SYMSA-2006-003: Cisco Secure ACS for Windows - Administrator Password Disclosure", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/433301/100/0/threaded" - }, - { - "name" : "http://www.symantec.com/enterprise/research/SYMSA-2006-003.txt", - "refsource" : "MISC", - "url" : "http://www.symantec.com/enterprise/research/SYMSA-2006-003.txt" - 
}, - { - "name" : "20060508 Response to Symantec SYMSA-2006-003 Cisco Secure ACS for Windows - Administrator Password Disclosure", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/cisco-sr-20060508-acs.shtml" - }, - { - "name" : "16743", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16743" - }, - { - "name" : "ADV-2006-1741", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1741" - }, - { - "name" : "25892", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25892" - }, - { - "name" : "1016042", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016042" - }, - { - "name" : "cisco-acs-admin-password-disclosure(26307)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26307" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco Secure Access Control Server (ACS) 3.x for Windows stores ACS administrator passwords and the master key in the registry with insecure permissions, which allows local users and remote administrators to decrypt the passwords by using Microsoft's cryptographic API functions to obtain the plaintext version of the master key." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16743", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16743" + }, + { + "name": "20060508 Response to Symantec SYMSA-2006-003 Cisco Secure ACS for Windows - Administrator Password Disclosure", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/cisco-sr-20060508-acs.shtml" + }, + { + "name": "http://www.symantec.com/enterprise/research/SYMSA-2006-003.txt", + "refsource": "MISC", + "url": "http://www.symantec.com/enterprise/research/SYMSA-2006-003.txt" + }, + { + "name": "1016042", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016042" + }, + { + "name": "25892", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25892" + }, + { + "name": "ADV-2006-1741", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1741" + }, + { + "name": "cisco-acs-admin-password-disclosure(26307)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26307" + }, + { + "name": "20060508 SYMSA-2006-003: Cisco Secure ACS for Windows - Administrator Password Disclosure", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/433286/100/0/threaded" + }, + { + "name": "20060508 Re: SYMSA-2006-003: Cisco Secure ACS for Windows - Administrator Password Disclosure", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/433301/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3034.json b/2006/3xxx/CVE-2006-3034.json index 3f3385aa3e8..d6dc9308efc 100644 --- a/2006/3xxx/CVE-2006-3034.json +++ b/2006/3xxx/CVE-2006-3034.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3034", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MyScrapbook 3.1 allows remote attackers to obtain sensitive information via a direct request to files in the txt-db-api directory such as txt-db-api/sql.php, which reveals the path in an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3034", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060611 Myscrapbook v3.1 - XSS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/436792/100/0/threaded" - }, - { - "name" : "ADV-2006-2311", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2311" - }, - { - "name" : "26414", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26414" - }, - { - "name" : "20599", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20599" - }, - { - "name" : "myscrapbook-sql-path-disclosure(27165)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27165" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { 
+ "description_data": [ + { + "lang": "eng", + "value": "MyScrapbook 3.1 allows remote attackers to obtain sensitive information via a direct request to files in the txt-db-api directory such as txt-db-api/sql.php, which reveals the path in an error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060611 Myscrapbook v3.1 - XSS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/436792/100/0/threaded" + }, + { + "name": "ADV-2006-2311", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2311" + }, + { + "name": "20599", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20599" + }, + { + "name": "26414", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26414" + }, + { + "name": "myscrapbook-sql-path-disclosure(27165)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27165" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3687.json b/2006/3xxx/CVE-2006-3687.json index f44b87ad312..adcc260df0c 100644 --- a/2006/3xxx/CVE-2006-3687.json +++ b/2006/3xxx/CVE-2006-3687.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3687", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the Universal Plug and Play (UPnP) service in D-Link DI-524, DI-604 Broadband Router, DI-624, D-Link DI-784, WBR-1310 Wireless G Router, WBR-2310 RangeBooster G Router, and EBR-2310 Ethernet Broadband Router allows remote attackers to execute arbitrary code via a long M-SEARCH request to UDP port 1900." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3687", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060717 [EEYEB-20060227] D-Link Router UPNP Stack Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/440298/100/0/threaded" - }, - { - "name" : "20060722 RE: [EEYEB-20060227] D-Link Router UPNP Stack Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/440852/100/100/threaded" - }, - { - "name" : "20060717 [EEYEB-20060227] D-Link Router UPNP Stack Overflow", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0363.html" - }, - { - "name" : 
"http://www.eeye.com/html/research/advisories/AD20060714.html", - "refsource" : "MISC", - "url" : "http://www.eeye.com/html/research/advisories/AD20060714.html" - }, - { - "name" : "VU#971705", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/971705" - }, - { - "name" : "19006", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19006" - }, - { - "name" : "ADV-2006-2829", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2829" - }, - { - "name" : "27333", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27333" - }, - { - "name" : "1016511", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016511" - }, - { - "name" : "21081", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21081" - }, - { - "name" : "dlink-upnp-bo(27755)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27755" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the Universal Plug and Play (UPnP) service in D-Link DI-524, DI-604 Broadband Router, DI-624, D-Link DI-784, WBR-1310 Wireless G Router, WBR-2310 RangeBooster G Router, and EBR-2310 Ethernet Broadband Router allows remote attackers to execute arbitrary code via a long M-SEARCH request to UDP port 1900." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060717 [EEYEB-20060227] D-Link Router UPNP Stack Overflow", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0363.html" + }, + { + "name": "20060717 [EEYEB-20060227] D-Link Router UPNP Stack Overflow", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/440298/100/0/threaded" + }, + { + "name": "20060722 RE: [EEYEB-20060227] D-Link Router UPNP Stack Overflow", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/440852/100/100/threaded" + }, + { + "name": "http://www.eeye.com/html/research/advisories/AD20060714.html", + "refsource": "MISC", + "url": "http://www.eeye.com/html/research/advisories/AD20060714.html" + }, + { + "name": "21081", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21081" + }, + { + "name": "27333", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27333" + }, + { + "name": "ADV-2006-2829", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2829" + }, + { + "name": "VU#971705", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/971705" + }, + { + "name": "19006", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19006" + }, + { + "name": "1016511", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016511" + }, + { + "name": "dlink-upnp-bo(27755)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27755" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3856.json b/2006/3xxx/CVE-2006-3856.json index 8dff195b488..ae18f88ade5 100644 --- a/2006/3xxx/CVE-2006-3856.json +++ b/2006/3xxx/CVE-2006-3856.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3856", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before 10.00.xC3 allows local users to cause a denial of service (crash) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3856", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060814 Informix - Discovery, Attack and Defense", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/443133/100/0/threaded" - }, - { - "name" : "20060814 Multiple Buffer Overflow Vulnerabilities in Informix", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/443210/100/0/threaded" - }, - { - "name" : "http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf", - "refsource" : "MISC", - "url" : "http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf" - }, - { - "name" : "http://www-1.ibm.com/support/docview.wss?uid=swg21242921", - "refsource" : "CONFIRM", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg21242921" - }, - { - "name" : 
"19264", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19264" - }, - { - "name" : "ADV-2006-3077", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3077" - }, - { - "name" : "27690", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27690" - }, - { - "name" : "21301", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21301" - }, - { - "name" : "informix-unspecified-dos(28131)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28131" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before 10.00.xC3 allows local users to cause a denial of service (crash) via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-1.ibm.com/support/docview.wss?uid=swg21242921", + "refsource": "CONFIRM", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21242921" + }, + { + "name": "20060814 Informix - Discovery, Attack and Defense", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/443133/100/0/threaded" + }, + { + "name": "27690", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27690" + }, + { + "name": "20060814 Multiple Buffer Overflow Vulnerabilities in Informix", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/443210/100/0/threaded" + }, + { + "name": "http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf", + "refsource": "MISC", + "url": "http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf" + }, + { + "name": "21301", + "refsource": "SECUNIA", + "url": 
"http://secunia.com/advisories/21301" + }, + { + "name": "19264", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19264" + }, + { + "name": "ADV-2006-3077", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3077" + }, + { + "name": "informix-unspecified-dos(28131)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28131" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3907.json b/2006/3xxx/CVE-2006-3907.json index 48df1bb6aec..1403f6dc045 100644 --- a/2006/3xxx/CVE-2006-3907.json +++ b/2006/3xxx/CVE-2006-3907.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3907", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Siemens SpeedStream 2624 allows remote attackers to cause a denial of service (device hang) by sending a crafted packet to the web administrative interface." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3907", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060724 Digital Armaments Security Advisory 24.07.2006: Siemens Speedstream Wireless/Router Denial of Service Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/440985/100/0/threaded" - }, - { - "name" : "http://www.digitalarmaments.com/2006310665340982.html", - "refsource" : "MISC", - "url" : "http://www.digitalarmaments.com/2006310665340982.html" - }, - { - "name" : "19132", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19132" - }, - { - "name" : "ADV-2006-2969", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2969" - }, - { - "name" : "1016578", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016578" - }, - { - "name" : "21195", - 
"refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21195" - }, - { - "name" : "1292", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1292" - }, - { - "name" : "speedstream-web-interface-dos(27948)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27948" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Siemens SpeedStream 2624 allows remote attackers to cause a denial of service (device hang) by sending a crafted packet to the web administrative interface." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1292", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1292" + }, + { + "name": "20060724 Digital Armaments Security Advisory 24.07.2006: Siemens Speedstream Wireless/Router Denial of Service Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/440985/100/0/threaded" + }, + { + "name": "ADV-2006-2969", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2969" + }, + { + "name": "http://www.digitalarmaments.com/2006310665340982.html", + "refsource": "MISC", + "url": "http://www.digitalarmaments.com/2006310665340982.html" + }, + { + "name": "1016578", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016578" + }, + { + "name": "21195", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21195" + }, + { + "name": "speedstream-web-interface-dos(27948)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27948" + }, + { + "name": "19132", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19132" + } + ] + } +} \ No newline at end of file 
diff --git a/2006/3xxx/CVE-2006-3981.json b/2006/3xxx/CVE-2006-3981.json
index 0323c0ee117..40a3f10aa39 100644
--- a/2006/3xxx/CVE-2006-3981.json
+++ b/2006/3xxx/CVE-2006-3981.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3981", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in about.mgm.php in Mambo Gallery Manager (MGM) 0.95r2 and earlier for Mambo 4.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3981", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "ADV-2006-3054", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3054" - }, - { - "name" : "mgm-helpmgm-file-include(28072)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28072" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in about.mgm.php in Mambo Gallery Manager (MGM) 0.95r2 and earlier for Mambo 4.5 allows remote attackers to execute arbitrary PHP 
code via a URL in the mosConfig_absolute_path parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "mgm-helpmgm-file-include(28072)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28072" + }, + { + "name": "ADV-2006-3054", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3054" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4241.json b/2006/4xxx/CVE-2006-4241.json index 25898a31b3b..693d2346b35 100644 --- a/2006/4xxx/CVE-2006-4241.json +++ b/2006/4xxx/CVE-2006-4241.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4241", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in processor/reporter.sql.php in the Reporter Mambo component (com_reporter) allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4241", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060816 Reporter Mambo Component Remote File İnclude", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/443373/100/0/threaded" - }, - { - "name" : "19553", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19553" - }, - { - "name" : "1419", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1419" - }, - { - "name" : "reporter-reporter-sql-file-include(28412)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28412" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP 
remote file inclusion vulnerability in processor/reporter.sql.php in the Reporter Mambo component (com_reporter) allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1419", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1419" + }, + { + "name": "20060816 Reporter Mambo Component Remote File İnclude", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/443373/100/0/threaded" + }, + { + "name": "19553", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19553" + }, + { + "name": "reporter-reporter-sql-file-include(28412)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28412" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4477.json b/2006/4xxx/CVE-2006-4477.json index 3c58ff51b84..8eb2644df0f 100644 --- a/2006/4xxx/CVE-2006-4477.json +++ b/2006/4xxx/CVE-2006-4477.json 
@@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4477", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in Visual Shapers ezContents 2.0.3 allow remote attackers to execute arbitrary PHP code via an empty GLOBALS[rootdp] parameter and an ftps URL in the (1) GLOBALS[admin_home] parameter in (a) diary/event_list.php, (b) gallery/gallery_summary.php, (c) guestbook/showguestbook.php, (d) links/showlinks.php, and (e) reviews/review_summary.php; and the (2) GLOBALS[language_home] parameter in (f) calendar/calendar.php, (g) news/shownews.php, (h) poll/showpoll.php, (i) search/search.php, (j) toprated/toprated.php, and (k) whatsnew/whatsnew.php." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4477", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060830 ezContents Version 2.0.3 Remote/Local File Inclusion, SQL Injection, XSS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/444779/100/0/threaded" - }, - { - "name" : "19776", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19776" - }, - { - "name" : "ADV-2006-3420", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3420" - }, - { - "name" : "28321", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28321" - }, - { - "name" : "28322", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28322" - }, - { - "name" : "28323", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28323" - }, - { - "name" : "28324", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28324" - }, - { - "name" : "28325", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28325" - }, - { - "name" : "28326", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28326" - }, - { - "name" : "28327", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28327" - }, - { - "name" : "28328", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28328" - }, - { - "name" : "28329", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28329" - }, - { - "name" : "28330", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28330" - }, - { - "name" : "28331", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28331" - }, - { - "name" : "1016770", - 
"refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016770" - }, - { - "name" : "21703", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21703" - }, - { - "name" : "1479", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1479" - }, - { - "name" : "ezcontents-multiple-scripts-file-include(28674)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28674" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in Visual Shapers ezContents 2.0.3 allow remote attackers to execute arbitrary PHP code via an empty GLOBALS[rootdp] parameter and an ftps URL in the (1) GLOBALS[admin_home] parameter in (a) diary/event_list.php, (b) gallery/gallery_summary.php, (c) guestbook/showguestbook.php, (d) links/showlinks.php, and (e) reviews/review_summary.php; and the (2) GLOBALS[language_home] parameter in (f) calendar/calendar.php, (g) news/shownews.php, (h) poll/showpoll.php, (i) search/search.php, (j) toprated/toprated.php, and (k) whatsnew/whatsnew.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28325", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28325" + }, + { + "name": "28330", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28330" + }, + { + "name": "28331", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28331" + }, + { + "name": "28329", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28329" + }, + { + "name": "1479", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1479" + }, + { + "name": "1016770", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016770" + }, + { + "name": "19776", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19776" + }, + { + "name": "28327", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28327" + }, + { + "name": "ADV-2006-3420", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3420" + }, + { + "name": "28324", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28324" + }, + { + "name": "28322", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28322" + }, + { + "name": "28321", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28321" + }, + { + "name": "28326", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28326" + }, + { + "name": "28323", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28323" + }, + { + "name": "21703", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21703" + }, + { + "name": "ezcontents-multiple-scripts-file-include(28674)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28674" + }, + { + "name": "28328", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28328" + }, + { + "name": "20060830 ezContents Version 2.0.3 Remote/Local File Inclusion, SQL Injection, XSS", + "refsource": "BUGTRAQ", + "url": 
"http://www.securityfocus.com/archive/1/444779/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4658.json b/2006/4xxx/CVE-2006-4658.json index a70969e61b7..4650a88e05f 100644 --- a/2006/4xxx/CVE-2006-4658.json +++ b/2006/4xxx/CVE-2006-4658.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4658", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 uses sequential message numbers in generated URLs that are not filtered if the user replies to a message, which might allow remote attackers to determine mail usage patterns." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4658", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060907 SECURITY.NNOV: Panda Platinum Internet Security privilege escalation / bayesian filter control security vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/445479/100/0/threaded" - }, - { - "name" : "http://www.security.nnov.ru/advisories/pandais.asp", - "refsource" : "MISC", - "url" : "http://www.security.nnov.ru/advisories/pandais.asp" - }, - { - "name" : "19891", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19891" - }, - { - "name" : "21769", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21769" - }, - { - "name" : "1524", - "refsource" : "SREASON", - "url" : 
"http://securityreason.com/securityalert/1524" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 uses sequential message numbers in generated URLs that are not filtered if the user replies to a message, which might allow remote attackers to determine mail usage patterns." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1524", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1524" + }, + { + "name": "20060907 SECURITY.NNOV: Panda Platinum Internet Security privilege escalation / bayesian filter control security vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/445479/100/0/threaded" + }, + { + "name": "19891", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19891" + }, + { + "name": "http://www.security.nnov.ru/advisories/pandais.asp", + "refsource": "MISC", + "url": "http://www.security.nnov.ru/advisories/pandais.asp" + }, + { + "name": "21769", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21769" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4907.json b/2006/4xxx/CVE-2006-4907.json index 0ce631bac0f..2af3eea072e 100644 --- a/2006/4xxx/CVE-2006-4907.json +++ b/2006/4xxx/CVE-2006-4907.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4907", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OSU 3.11alpha and 3.10a allows remote attackers to obtain sensitive information via a URL to a non-existent file, which displays the web root path in the resulting error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4907", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060918 [RLSA_02-2006] OSU httpd for OpenVMS path and directory disclosure - is this a bug or a feature?", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/446372/100/0/threaded" - }, - { - "name" : "22016", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22016" - }, - { - "name" : "1602", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1602" - }, - { - "name" : "osu-httpd-error-path-disclosure(29031)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29031" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "OSU 3.11alpha and 3.10a allows remote attackers to obtain sensitive information via a URL to a non-existent file, which displays the web root path in the resulting error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060918 [RLSA_02-2006] OSU httpd for OpenVMS path and directory disclosure - is this a bug or a feature?", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/446372/100/0/threaded" + }, + { + "name": "osu-httpd-error-path-disclosure(29031)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29031" + }, + { + "name": "22016", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22016" + }, + { + "name": "1602", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1602" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6242.json b/2006/6xxx/CVE-2006-6242.json index 787fd89b4f4..384ac018a04 100644 --- a/2006/6xxx/CVE-2006-6242.json +++ b/2006/6xxx/CVE-2006-6242.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6242", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in Serendipity 1.0.3 and earlier allow remote attackers to read or include arbitrary local files via a .. (dot dot) sequence in the serendipity[charset] parameter in (1) include/lang.inc.php; or to plugins/ scripts (2) serendipity_event_bbcode/serendipity_event_bbcode.php, (3) serendipity_event_browsercompatibility/serendipity_event_browsercompatibility.php, (4) serendipity_event_contentrewrite/serendipity_event_contentrewrite.php, (5) serendipity_event_creativecommons/serendipity_event_creativecommons.php, (6) serendipity_event_emoticate/serendipity_event_emoticate.php, (7) serendipity_event_entryproperties/serendipity_event_entryproperties.php, (8) serendipity_event_karma/serendipity_event_karma.php, (9) serendipity_event_livesearch/serendipity_event_livesearch.php, (10) serendipity_event_mailer/serendipity_event_mailer.php, (11) serendipity_event_nl2br/serendipity_event_nl2br.php, (12) serendipity_event_s9ymarkup/serendipity_event_s9ymarkup.php, (13) serendipity_event_searchhighlight/serendipity_event_searchhighlight.php, (14) serendipity_event_spamblock/serendipity_event_spamblock.php, (15) serendipity_event_spartacus/serendipity_event_spartacus.php, (16) serendipity_event_statistics/serendipity_plugin_statistics.php, (17) serendipity_event_templatechooser/serendipity_event_templatechooser.php, (18) serendipity_event_textile/serendipity_event_textile.php, (19) 
serendipity_event_textwiki/serendipity_event_textwiki.php, (20) serendipity_event_trackexits/serendipity_event_trackexits.php, (21) serendipity_event_weblogping/serendipity_event_weblogping.php, (22) serendipity_event_xhtmlcleanup/serendipity_event_xhtmlcleanup.php, (23) serendipity_plugin_comments/serendipity_plugin_comments.php, (24) serendipity_plugin_creativecommons/serendipity_plugin_creativecommons.php, (25) serendipity_plugin_entrylinks/serendipity_plugin_entrylinks.php, (26) serendipity_plugin_eventwrapper/serendipity_plugin_eventwrapper.php, (27) serendipity_plugin_history/serendipity_plugin_history.php, (28) serendipity_plugin_recententries/serendipity_plugin_recententries.php, (29) serendipity_plugin_remoterss/serendipity_plugin_remoterss.php, (30) serendipity_plugin_shoutbox/serendipity_plugin_shoutbox.php, and and (31) serendipity_plugin_templatedropdown/serendipity_plugin_templatedropdown.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6242", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2869", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2869" - }, - { - "name" : "http://www.s9y.org/forums/viewtopic.php?t=7922", - "refsource" : "MISC", - "url" : "http://www.s9y.org/forums/viewtopic.php?t=7922" - }, - { - "name" : "21367", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21367" - }, - { - "name" : "ADV-2006-4782", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4782" - }, - { - "name" : "serendipity-lang-file-include(30615)", - "refsource" 
: "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30615" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in Serendipity 1.0.3 and earlier allow remote attackers to read or include arbitrary local files via a .. (dot dot) sequence in the serendipity[charset] parameter in (1) include/lang.inc.php; or to plugins/ scripts (2) serendipity_event_bbcode/serendipity_event_bbcode.php, (3) serendipity_event_browsercompatibility/serendipity_event_browsercompatibility.php, (4) serendipity_event_contentrewrite/serendipity_event_contentrewrite.php, (5) serendipity_event_creativecommons/serendipity_event_creativecommons.php, (6) serendipity_event_emoticate/serendipity_event_emoticate.php, (7) serendipity_event_entryproperties/serendipity_event_entryproperties.php, (8) serendipity_event_karma/serendipity_event_karma.php, (9) serendipity_event_livesearch/serendipity_event_livesearch.php, (10) serendipity_event_mailer/serendipity_event_mailer.php, (11) serendipity_event_nl2br/serendipity_event_nl2br.php, (12) serendipity_event_s9ymarkup/serendipity_event_s9ymarkup.php, (13) serendipity_event_searchhighlight/serendipity_event_searchhighlight.php, (14) serendipity_event_spamblock/serendipity_event_spamblock.php, (15) serendipity_event_spartacus/serendipity_event_spartacus.php, (16) serendipity_event_statistics/serendipity_plugin_statistics.php, (17) serendipity_event_templatechooser/serendipity_event_templatechooser.php, (18) serendipity_event_textile/serendipity_event_textile.php, (19) serendipity_event_textwiki/serendipity_event_textwiki.php, (20) serendipity_event_trackexits/serendipity_event_trackexits.php, (21) serendipity_event_weblogping/serendipity_event_weblogping.php, (22) serendipity_event_xhtmlcleanup/serendipity_event_xhtmlcleanup.php, (23) 
serendipity_plugin_comments/serendipity_plugin_comments.php, (24) serendipity_plugin_creativecommons/serendipity_plugin_creativecommons.php, (25) serendipity_plugin_entrylinks/serendipity_plugin_entrylinks.php, (26) serendipity_plugin_eventwrapper/serendipity_plugin_eventwrapper.php, (27) serendipity_plugin_history/serendipity_plugin_history.php, (28) serendipity_plugin_recententries/serendipity_plugin_recententries.php, (29) serendipity_plugin_remoterss/serendipity_plugin_remoterss.php, (30) serendipity_plugin_shoutbox/serendipity_plugin_shoutbox.php, and and (31) serendipity_plugin_templatedropdown/serendipity_plugin_templatedropdown.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21367", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21367" + }, + { + "name": "ADV-2006-4782", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4782" + }, + { + "name": "serendipity-lang-file-include(30615)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30615" + }, + { + "name": "2869", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2869" + }, + { + "name": "http://www.s9y.org/forums/viewtopic.php?t=7922", + "refsource": "MISC", + "url": "http://www.s9y.org/forums/viewtopic.php?t=7922" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6697.json b/2006/6xxx/CVE-2006-6697.json index 58b309c29dc..cdbba6a92d3 100644 --- a/2006/6xxx/CVE-2006-6697.json +++ b/2006/6xxx/CVE-2006-6697.json 
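Review bot: The description `value` for CVE-2006-6242 still ends its list with a doubled conjunction, `and and (31) serendipity_plugin_templatedropdown/serendipity_plugin_templatedropdown.php`, and the new side carries it over unchanged. Since this hunk rewrites the whole record anyway, the string could read `and (31) serendipity_plugin_templatedropdown/serendipity_plugin_templatedropdown.php.` If the text is mirrored from an upstream record, which this page does not show, the correction belongs there, so that the next sync does not reintroduce it.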
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6697", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CRLF injection vulnerability in webapp/jsp/calendar.jsp in Oracle Portal 10g and earlier, including 9.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the enc parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6697", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061220 Oracle Portal 10g HTTP Response Splitting", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/454945/100/0/threaded" - }, - { - "name" : "20061220 Re: [Full-disclosure] Oracle Portal 10g HTTP Response Splitting", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/454965/100/0/threaded" - }, - { - "name" : "20061221 Re: Oracle Portal 10g HTTP Response Splitting", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/455106/100/0/threaded" - }, - { - "name" : "20061220 Oracle Portal 10g HTTP Response Splitting", - "refsource" : "FULLDISC", - "url" : 
"http://marc.info/?l=full-disclosure&m=116664018702238&w=2" - }, - { - "name" : "20061220 Re: [Full-disclosure] Oracle Portal 10g HTTP Response Splitting", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=116666155824901&w=2" - }, - { - "name" : "21686", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21686" - }, - { - "name" : "ADV-2006-5124", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/5124" - }, - { - "name" : "23461", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23461" - }, - { - "name" : "2057", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2057" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CRLF injection vulnerability in webapp/jsp/calendar.jsp in Oracle Portal 10g and earlier, including 9.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the enc parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2057", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2057" + }, + { + "name": "20061220 Re: [Full-disclosure] Oracle Portal 10g HTTP Response Splitting", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/454965/100/0/threaded" + }, + { + "name": "20061220 Oracle Portal 10g HTTP Response Splitting", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=116664018702238&w=2" + }, + { + "name": "20061220 Re: [Full-disclosure] Oracle Portal 10g HTTP Response Splitting", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=116666155824901&w=2" + }, + { + "name": "23461", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23461" + }, + { + "name": "20061221 Re: Oracle Portal 10g HTTP Response Splitting", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/455106/100/0/threaded" + }, + { + "name": "ADV-2006-5124", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/5124" + }, + { + "name": "21686", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21686" + }, + { + "name": "20061220 Oracle Portal 10g HTTP Response Splitting", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/454945/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/7xxx/CVE-2006-7003.json b/2006/7xxx/CVE-2006-7003.json index 8c285401504..76ddfe82491 100644 --- a/2006/7xxx/CVE-2006-7003.json +++ b/2006/7xxx/CVE-2006-7003.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-7003", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in admin/index.php in Fusion Polls allows remote attackers to execute arbitrary PHP code via a URL in the xtrphome parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-7003", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060614 Fusion Polls (xtrphome) Remote File Inclusion", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/437127/30/4380/threaded" - }, - { - "name" : "20060624 Re: Fusion Polls (xtrphome) Remote File Inclusion", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/441493/30/4380/threaded" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in admin/index.php in Fusion Polls allows remote attackers to execute arbitrary PHP code via a URL in the xtrphome parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060614 Fusion Polls (xtrphome) Remote File Inclusion", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/437127/30/4380/threaded" + }, + { + "name": "20060624 Re: Fusion Polls (xtrphome) Remote File Inclusion", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/441493/30/4380/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2305.json b/2010/2xxx/CVE-2010-2305.json index 759b042a99a..2ec3dd753c3 100644 --- a/2010/2xxx/CVE-2010-2305.json +++ b/2010/2xxx/CVE-2010-2305.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2305", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in an ActiveX control in SSHelper.dll for Symantec Sygate Personal Firewall 5.6 build 2808 allows remote attackers to execute arbitrary code via a long third argument to the SetRegString method." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2305", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "13834", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/13834" - }, - { - "name" : "http://www.corelan.be:8800/index.php/forum/security-advisories/10-050-sygate-personal-firewall-5-6-build-2808-activex/", - "refsource" : "MISC", - "url" : "http://www.corelan.be:8800/index.php/forum/security-advisories/10-050-sygate-personal-firewall-5-6-build-2808-activex/" - }, - { - "name" : "65539", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/65539" - }, - { - "name" : "sygate-setregstring-bo(59408)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/59408" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": 
"4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in an ActiveX control in SSHelper.dll for Symantec Sygate Personal Firewall 5.6 build 2808 allows remote attackers to execute arbitrary code via a long third argument to the SetRegString method." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "13834", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/13834" + }, + { + "name": "65539", + "refsource": "OSVDB", + "url": "http://osvdb.org/65539" + }, + { + "name": "sygate-setregstring-bo(59408)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59408" + }, + { + "name": "http://www.corelan.be:8800/index.php/forum/security-advisories/10-050-sygate-personal-firewall-5-6-build-2808-activex/", + "refsource": "MISC", + "url": "http://www.corelan.be:8800/index.php/forum/security-advisories/10-050-sygate-personal-firewall-5-6-build-2808-activex/" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2373.json b/2010/2xxx/CVE-2010-2373.json index e03622c3783..7d7eb82ac77 100644 --- a/2010/2xxx/CVE-2010-2373.json +++ b/2010/2xxx/CVE-2010-2373.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2373", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Console component in Oracle Enterprise Manager Grid Control 10.1.0.6 and 10.2.0.5 allows remote attackers to affect integrity via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2010-2373", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Console component in Oracle Enterprise Manager Grid Control 10.1.0.6 and 10.2.0.5 allows remote attackers to affect integrity via unknown vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2841.json b/2010/2xxx/CVE-2010-2841.json index 825baa67792..746d97d64cc 100644 --- a/2010/2xxx/CVE-2010-2841.json +++ b/2010/2xxx/CVE-2010-2841.json 
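Review bot: The one semantic change in this hunk, `"ASSIGNER": "cve@mitre.org"` becoming `"ASSIGNER": "secalert_us@oracle.com"`, is buried in a rewrite of all 62 lines. As far as the visible text shows, those other lines differ only in spacing (`"ID" :` to `"ID":`). A change of record ownership is worth being able to audit, so the formatting normalisation would be better kept in a separate commit, or the subject line could list the reassigned IDs, e.g. `ASSIGNER updated: CVE-2010-2373, CVE-2010-2841, CVE-2010-3631, CVE-2011-0770`. The hunks for CVE-2010-2841 (`psirt@cisco.com`), CVE-2010-3631 (`psirt@adobe.com`) and CVE-2011-0770 (`cert@cert.org`) have the same shape. The new side also drops the file's trailing newline (`\ No newline at end of file`), which the old side had.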
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2841", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Cisco Wireless LAN Controller (WLC) software 4.2 before 4.2.209.0; 4.2M before 4.2.207.54M; 5.0, 5.1, and 6.0 before 6.0.196.0; and 5.2 before 5.2.193.11 allows remote authenticated users to cause a denial of service (device reload) via crafted HTTP packets that trigger invalid arguments to the emweb component, aka Bug ID CSCtd16938." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2010-2841", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=21288", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=21288" - }, - { - "name" : "20100908 Multiple Vulnerabilities in Cisco Wireless LAN Controllers", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b466e9.shtml" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"Unspecified vulnerability in Cisco Wireless LAN Controller (WLC) software 4.2 before 4.2.209.0; 4.2M before 4.2.207.54M; 5.0, 5.1, and 6.0 before 6.0.196.0; and 5.2 before 5.2.193.11 allows remote authenticated users to cause a denial of service (device reload) via crafted HTTP packets that trigger invalid arguments to the emweb component, aka Bug ID CSCtd16938." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=21288", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=21288" + }, + { + "name": "20100908 Multiple Vulnerabilities in Cisco Wireless LAN Controllers", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b466e9.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2976.json b/2010/2xxx/CVE-2010-2976.json index eef6b948dc4..06e93cdca4a 100644 --- a/2010/2xxx/CVE-2010-2976.json +++ b/2010/2xxx/CVE-2010-2976.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2976", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The controller in Cisco Unified Wireless Network (UWN) Solution 7.x through 7.0.98.0 has (1) a default SNMP read-only community of public, (2) a default SNMP read-write community of private, and a value of \"default\" for the (3) SNMP v3 username, (4) SNMP v3 authentication password, and (5) SNMP v3 privacy password, which makes it easier for remote attackers to obtain access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2976", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7.0.html", - "refsource" : "CONFIRM", - "url" : "http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7.0.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The controller in Cisco Unified Wireless Network (UWN) Solution 7.x through 7.0.98.0 has (1) a default SNMP read-only community of public, (2) a default SNMP read-write community 
of private, and a value of \"default\" for the (3) SNMP v3 username, (4) SNMP v3 authentication password, and (5) SNMP v3 privacy password, which makes it easier for remote attackers to obtain access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7.0.html", + "refsource": "CONFIRM", + "url": "http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7.0.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/3xxx/CVE-2010-3631.json b/2010/3xxx/CVE-2010-3631.json index c8ddefbaa87..41d3df7e448 100644 --- a/2010/3xxx/CVE-2010-3631.json +++ b/2010/3xxx/CVE-2010-3631.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-3631", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Array index error in Adobe Reader and Acrobat 8.x before 8.2.5 and 9.x before 9.4 on Mac OS X allows attackers to execute arbitrary code via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2010-3631", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb10-21.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb10-21.html" - }, - { - "name" : "SUSE-SA:2010:048", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00001.html" - }, - { - "name" : "SUSE-SR:2010:019", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html" - }, - { - "name" : "TA10-279A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-279A.html" - }, - { - "name" : "oval:org.mitre.oval:def:14195", - "refsource" : "OVAL", - "url" : 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14195" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Array index error in Adobe Reader and Acrobat 8.x before 8.2.5 and 9.x before 9.4 on Mac OS X allows attackers to execute arbitrary code via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SA:2010:048", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00001.html" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb10-21.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb10-21.html" + }, + { + "name": "TA10-279A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-279A.html" + }, + { + "name": "SUSE-SR:2010:019", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html" + }, + { + "name": "oval:org.mitre.oval:def:14195", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14195" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0437.json b/2011/0xxx/CVE-2011-0437.json index 5612eaa15ee..610afab350f 100644 --- a/2011/0xxx/CVE-2011-0437.json +++ b/2011/0xxx/CVE-2011-0437.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0437", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "shared/inc/sql/ssh.php in the SSH accounts management implementation in Domain Technologie Control (DTC) before 0.32.9 allows remote authenticated users to delete arbitrary accounts via the edssh_account parameter in a deletesshaccount Delete action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0437", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[dtcannounce] 20110303 Fwd: [SECURITY] [DSA 2179-1] dtc security update", - "refsource" : "MLIST", - "url" : "http://www.gplhost.sg/lists/dtcannounce/msg00025.html" - }, - { - "name" : "http://git.gplhost.com/gitweb/?p=dtc.git;a=commit;h=9b75112fc12fead5740b1aaf0df562b5a9045ec0", - "refsource" : "CONFIRM", - "url" : "http://git.gplhost.com/gitweb/?p=dtc.git;a=commit;h=9b75112fc12fead5740b1aaf0df562b5a9045ec0" - }, - { - "name" : "http://git.gplhost.com/gitweb/?p=dtc.git;a=commit;h=c97ab4ae43945de36534c40004d713b3b10113db", - "refsource" : "CONFIRM", - "url" : "http://git.gplhost.com/gitweb/?p=dtc.git;a=commit;h=c97ab4ae43945de36534c40004d713b3b10113db" - }, - { - 
"name" : "http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.29.17-1+lenny1/changelog", - "refsource" : "CONFIRM", - "url" : "http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.29.17-1+lenny1/changelog" - }, - { - "name" : "http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.32.10-1/changelog", - "refsource" : "CONFIRM", - "url" : "http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.32.10-1/changelog" - }, - { - "name" : "DSA-2179", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2179" - }, - { - "name" : "43523", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43523" - }, - { - "name" : "ADV-2011-0556", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0556" - }, - { - "name" : "dtc-ssh-sec-bypass(65897)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65897" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "shared/inc/sql/ssh.php in the SSH accounts management implementation in Domain Technologie Control (DTC) before 0.32.9 allows remote authenticated users to delete arbitrary accounts via the edssh_account parameter in a deletesshaccount Delete action." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43523", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43523" + }, + { + "name": "ADV-2011-0556", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0556" + }, + { + "name": "http://git.gplhost.com/gitweb/?p=dtc.git;a=commit;h=9b75112fc12fead5740b1aaf0df562b5a9045ec0", + "refsource": "CONFIRM", + "url": "http://git.gplhost.com/gitweb/?p=dtc.git;a=commit;h=9b75112fc12fead5740b1aaf0df562b5a9045ec0" + }, + { + "name": "http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.29.17-1+lenny1/changelog", + "refsource": "CONFIRM", + "url": "http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.29.17-1+lenny1/changelog" + }, + { + "name": "DSA-2179", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2179" + }, + { + "name": "dtc-ssh-sec-bypass(65897)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65897" + }, + { + "name": "http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.32.10-1/changelog", + "refsource": "CONFIRM", + "url": "http://packages.debian.org/changelogs/pool/main/d/dtc/dtc_0.32.10-1/changelog" + }, + { + "name": "[dtcannounce] 20110303 Fwd: [SECURITY] [DSA 2179-1] dtc security update", + "refsource": "MLIST", + "url": "http://www.gplhost.sg/lists/dtcannounce/msg00025.html" + }, + { + "name": "http://git.gplhost.com/gitweb/?p=dtc.git;a=commit;h=c97ab4ae43945de36534c40004d713b3b10113db", + "refsource": "CONFIRM", + "url": "http://git.gplhost.com/gitweb/?p=dtc.git;a=commit;h=c97ab4ae43945de36534c40004d713b3b10113db" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0503.json b/2011/0xxx/CVE-2011-0503.json index 70e1390fc81..4e115f522f6 100644 --- a/2011/0xxx/CVE-2011-0503.json +++ b/2011/0xxx/CVE-2011-0503.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0503", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in VaM Shop 1.6, 1.6.1, and probably earlier versions allows remote attackers to hijack the authentication of administrators for requests that (1) change user status via admin/customers.php or (2) change user permissions via admin/accounting.php. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0503", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110111 XSRF (CSRF) in VaM Shop", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/515613/100/0/threaded" - }, - { - "name" : "15968", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/15968" - }, - { - "name" : "http://www.htbridge.ch/advisory/xsrf_csrf_in_vam_shop.html", - "refsource" : "MISC", - "url" : "http://www.htbridge.ch/advisory/xsrf_csrf_in_vam_shop.html" - }, - { - "name" : "70431", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/70431" - }, - { - "name" : "42869", - "refsource" : 
"SECUNIA", - "url" : "http://secunia.com/advisories/42869" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in VaM Shop 1.6, 1.6.1, and probably earlier versions allows remote attackers to hijack the authentication of administrators for requests that (1) change user status via admin/customers.php or (2) change user permissions via admin/accounting.php. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "70431", + "refsource": "OSVDB", + "url": "http://osvdb.org/70431" + }, + { + "name": "42869", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42869" + }, + { + "name": "http://www.htbridge.ch/advisory/xsrf_csrf_in_vam_shop.html", + "refsource": "MISC", + "url": "http://www.htbridge.ch/advisory/xsrf_csrf_in_vam_shop.html" + }, + { + "name": "20110111 XSRF (CSRF) in VaM Shop", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/515613/100/0/threaded" + }, + { + "name": "15968", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/15968" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0768.json b/2011/0xxx/CVE-2011-0768.json index 581bb4c518e..130c9294e02 100644 --- a/2011/0xxx/CVE-2011-0768.json +++ b/2011/0xxx/CVE-2011-0768.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0768", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0768", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0770.json b/2011/0xxx/CVE-2011-0770.json index e9b5fc6ff27..ea845807aec 100644 --- a/2011/0xxx/CVE-2011-0770.json +++ b/2011/0xxx/CVE-2011-0770.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0770", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Windows Event Log SmartConnector in HP ArcSight Connector Appliance before 6.1 allows remote attackers to inject arbitrary web script or HTML via the Windows XP variable in a file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2011-0770", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#122054", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/122054" - }, - { - "name" : "48694", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/48694" - }, - { - "name" : "1025791", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1025791" - }, - { - "name" : "arcsight-connector-xss(68569)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/68569" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Windows Event Log SmartConnector in HP 
ArcSight Connector Appliance before 6.1 allows remote attackers to inject arbitrary web script or HTML via the Windows XP variable in a file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "arcsight-connector-xss(68569)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68569" + }, + { + "name": "48694", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/48694" + }, + { + "name": "VU#122054", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/122054" + }, + { + "name": "1025791", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1025791" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1053.json b/2011/1xxx/CVE-2011-1053.json index 42234b96898..37f1721b466 100644 --- a/2011/1xxx/CVE-2011-1053.json +++ b/2011/1xxx/CVE-2011-1053.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1053", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Mach-O input file loader in Hex-Rays IDA Pro 5.7 and 6.0 allows user-assisted remote attackers to cause a denial of service (out-of-memory exception and inability to analyze code) via a crafted Mach-O file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1053", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.hex-rays.com/vulnfix.shtml", - "refsource" : "CONFIRM", - "url" : "https://www.hex-rays.com/vulnfix.shtml" - }, - { - "name" : "46525", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46525" - }, - { - "name" : "idapro-macho-dos(65559)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65559" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Mach-O input file loader in Hex-Rays IDA Pro 5.7 and 6.0 allows user-assisted remote attackers to cause a denial of 
service (out-of-memory exception and inability to analyze code) via a crafted Mach-O file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.hex-rays.com/vulnfix.shtml", + "refsource": "CONFIRM", + "url": "https://www.hex-rays.com/vulnfix.shtml" + }, + { + "name": "idapro-macho-dos(65559)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65559" + }, + { + "name": "46525", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46525" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1468.json b/2011/1xxx/CVE-2011-1468.json index ad061abf192..ca895775fb1 100644 --- a/2011/1xxx/CVE-2011-1468.json +++ b/2011/1xxx/CVE-2011-1468.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1468", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple memory leaks in the OpenSSL extension in PHP before 5.3.6 might allow remote attackers to cause a denial of service (memory consumption) via (1) plaintext data to the openssl_encrypt function or (2) ciphertext data to the openssl_decrypt function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1468", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.php.net/bug.php?id=54060", - "refsource" : "CONFIRM", - "url" : "http://bugs.php.net/bug.php?id=54060" - }, - { - "name" : "http://bugs.php.net/bug.php?id=54061", - "refsource" : "CONFIRM", - "url" : "http://bugs.php.net/bug.php?id=54061" - }, - { - "name" : "http://www.php.net/ChangeLog-5.php", - "refsource" : "CONFIRM", - "url" : "http://www.php.net/ChangeLog-5.php" - }, - { - "name" : "http://support.apple.com/kb/HT5002", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5002" - }, - { - "name" : "APPLE-SA-2011-10-12-3", - "refsource" : "APPLE", - "url" : 
"http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html" - }, - { - "name" : "MDVSA-2011:053", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:053" - }, - { - "name" : "RHSA-2011:1423", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-1423.html" - }, - { - "name" : "46977", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46977" - }, - { - "name" : "ADV-2011-0744", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0744" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple memory leaks in the OpenSSL extension in PHP before 5.3.6 might allow remote attackers to cause a denial of service (memory consumption) via (1) plaintext data to the openssl_encrypt function or (2) ciphertext data to the openssl_decrypt function." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2011:053", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:053" + }, + { + "name": "http://www.php.net/ChangeLog-5.php", + "refsource": "CONFIRM", + "url": "http://www.php.net/ChangeLog-5.php" + }, + { + "name": "APPLE-SA-2011-10-12-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html" + }, + { + "name": "http://bugs.php.net/bug.php?id=54060", + "refsource": "CONFIRM", + "url": "http://bugs.php.net/bug.php?id=54060" + }, + { + "name": "RHSA-2011:1423", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-1423.html" + }, + { + "name": "46977", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46977" + }, + { + "name": "ADV-2011-0744", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0744" + }, + { + "name": "http://support.apple.com/kb/HT5002", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5002" + }, + { + "name": "http://bugs.php.net/bug.php?id=54061", + "refsource": "CONFIRM", + "url": "http://bugs.php.net/bug.php?id=54061" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1627.json b/2011/1xxx/CVE-2011-1627.json index 2952e2d5287..321715fb93f 100644 --- a/2011/1xxx/CVE-2011-1627.json +++ b/2011/1xxx/CVE-2011-1627.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1627", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1627", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1863.json b/2011/1xxx/CVE-2011-1863.json index 2dcdb4116c0..16f9d6f29ab 100644 --- a/2011/1xxx/CVE-2011-1863.json +++ b/2011/1xxx/CVE-2011-1863.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1863", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allow remote authenticated users to conduct unspecified script injection attacks via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2011-1863", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMA02674", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=130755929821099&w=2" - }, - { - "name" : "SSRT100487", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=130755929821099&w=2" - }, - { - "name" : "48168", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/48168" - }, - { - "name" : "1025611", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025611" - }, - { - "name" : "44836", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44836" - }, - { - "name" : "8273", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8273" - }, - { - "name" : "hp-service-manager-unspec-xss(67914)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/67914" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allow remote authenticated users to conduct unspecified script injection attacks via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "44836", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44836" + }, + { + "name": "8273", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8273" + }, + { + "name": "1025611", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025611" + }, + { + "name": "SSRT100487", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=130755929821099&w=2" + }, + { + "name": "HPSBMA02674", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=130755929821099&w=2" + }, + { + "name": "48168", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/48168" + }, + { + "name": "hp-service-manager-unspec-xss(67914)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67914" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4372.json b/2011/4xxx/CVE-2011-4372.json index fd2792fda56..29a9f80d5e2 100644 --- a/2011/4xxx/CVE-2011-4372.json +++ b/2011/4xxx/CVE-2011-4372.json 
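Review bot: The new `CVE_data_meta` for CVE-2011-1863 credits `hp-security-alert@hp.com` as `ASSIGNER`, but the `affects` block still carries `"vendor_name": "n/a"`, `"product_name": "n/a"` and `"version_value": "n/a"`. The description names HP Service Manager 7.02, 7.11, 9.20, 9.21 and Service Center 6.2.8, so the affected products are known only from free text. Tooling that matches assets on the structured `affects` fields will therefore not match this record. If the sync is meant to carry structured data, the entry should at least set `"vendor_name": "HP"` and list the two products in `product_data`; whether the sync tool is expected to fill these is not visible from this hunk. The same gap appears in the other hunks here that switch `ASSIGNER` to a vendor address (CVE-2011-4372, CVE-2014-2617, CVE-2014-2620, CVE-2014-3294, CVE-2014-3624).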
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4372", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4370 and CVE-2011-4373." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2011-4372", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb12-01.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb12-01.html" - }, - { - "name" : "51349", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51349" - }, - { - "name" : "oval:org.mitre.oval:def:14857", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14857" - }, - { - "name" : "1026496", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026496" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", 
+ "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4370 and CVE-2011-4373." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "51349", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51349" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb12-01.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb12-01.html" + }, + { + "name": "oval:org.mitre.oval:def:14857", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14857" + }, + { + "name": "1026496", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026496" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4764.json b/2011/4xxx/CVE-2011-4764.json index 3fa9072c8a7..c32dbf05ecd 100644 --- a/2011/4xxx/CVE-2011-4764.json +++ b/2011/4xxx/CVE-2011-4764.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4764", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Business Panel 10.2.0 allow remote attackers to inject arbitrary web script or HTML via crafted input to a PHP script, as demonstrated by Wizard/Edit/Modules/Image and certain other files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4764", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://xss.cx/examples/plesk-reports/plesk-10.2.0-site-editor.html", - "refsource" : "MISC", - "url" : "http://xss.cx/examples/plesk-reports/plesk-10.2.0-site-editor.html" - }, - { - "name" : "ppsbp-se-multiple-xss(72216)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72216" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Site Editor (aka SiteBuilder) feature in Parallels Plesk Small 
Business Panel 10.2.0 allow remote attackers to inject arbitrary web script or HTML via crafted input to a PHP script, as demonstrated by Wizard/Edit/Modules/Image and certain other files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ppsbp-se-multiple-xss(72216)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72216" + }, + { + "name": "http://xss.cx/examples/plesk-reports/plesk-10.2.0-site-editor.html", + "refsource": "MISC", + "url": "http://xss.cx/examples/plesk-reports/plesk-10.2.0-site-editor.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5038.json b/2011/5xxx/CVE-2011-5038.json index bc251ae1cc9..4bd801d686b 100644 --- a/2011/5xxx/CVE-2011-5038.json +++ b/2011/5xxx/CVE-2011-5038.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5038", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in hitCode hitAppoint 4.5.17 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the username parameter to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5038", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "77580", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/77580" - }, - { - "name" : "47140", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47140" - }, - { - "name" : "hitappoint-index-sql-injection(71740)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71740" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in hitCode hitAppoint 4.5.17 and possibly earlier allows remote attackers to execute arbitrary SQL 
commands via the username parameter to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "hitappoint-index-sql-injection(71740)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71740" + }, + { + "name": "77580", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/77580" + }, + { + "name": "47140", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47140" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5302.json b/2011/5xxx/CVE-2011-5302.json index 2317085bee2..27670c162ab 100644 --- a/2011/5xxx/CVE-2011-5302.json +++ b/2011/5xxx/CVE-2011-5302.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5302", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in adm/admin_edit.php in PHPDug 2.0.0 allows remote attackers to hijack the authentication of administrators for requests that modify credentials." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5302", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.htbridge.com/advisory/HTB22970", - "refsource" : "MISC", - "url" : "https://www.htbridge.com/advisory/HTB22970" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in adm/admin_edit.php in PHPDug 2.0.0 allows remote attackers to hijack the authentication of administrators for requests that modify credentials." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.htbridge.com/advisory/HTB22970", + "refsource": "MISC", + "url": "https://www.htbridge.com/advisory/HTB22970" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2617.json b/2014/2xxx/CVE-2014-2617.json index 80a1504182d..27020349ee0 100644 --- a/2014/2xxx/CVE-2014-2617.json +++ b/2014/2xxx/CVE-2014-2617.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2617", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in HP Universal CMDB 10.01 and 10.10 allows remote attackers to execute arbitrary code or obtain sensitive information via unknown vectors, aka ZDI-CAN-2104." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2014-2617", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMU03064", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04357076" - }, - { - "name" : "SSRT101463", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04357076" - }, - { - "name" : "68363", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68363" - }, - { - "name" : "1030518", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030518" - }, - { - "name" : "58912", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/58912" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in HP Universal CMDB 10.01 and 10.10 allows remote attackers to execute arbitrary code or obtain sensitive information via unknown vectors, aka ZDI-CAN-2104." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1030518", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030518" + }, + { + "name": "68363", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68363" + }, + { + "name": "HPSBMU03064", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04357076" + }, + { + "name": "SSRT101463", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04357076" + }, + { + "name": "58912", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/58912" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2620.json b/2014/2xxx/CVE-2014-2620.json index b34b0569a09..b47a64c8610 100644 --- a/2014/2xxx/CVE-2014-2620.json +++ b/2014/2xxx/CVE-2014-2620.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2620", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in HP Intelligent Management Center (iMC) before 7.0 E02020P03 and Branch Intelligent Management System (BIMS) before 7.0 E0201P02 allows remote attackers to obtain sensitive information via unknown vectors, aka ZDI-CAN-2089." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2014-2620", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBHF02913", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04369484" - }, - { - "name" : "SSRT101409", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04369484" - }, - { - "name" : "68544", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68544" - }, - { - "name" : "1030568", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030568" - }, - { - "name" : "hp-imc-cve20142620-info-disc(94490)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94490" - } - 
] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in HP Intelligent Management Center (iMC) before 7.0 E02020P03 and Branch Intelligent Management System (BIMS) before 7.0 E0201P02 allows remote attackers to obtain sensitive information via unknown vectors, aka ZDI-CAN-2089." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBHF02913", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04369484" + }, + { + "name": "SSRT101409", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04369484" + }, + { + "name": "68544", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68544" + }, + { + "name": "1030568", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030568" + }, + { + "name": "hp-imc-cve20142620-info-disc(94490)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94490" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3134.json b/2014/3xxx/CVE-2014-3134.json index 3b38b400ded..d1bd1f371d7 100644 --- a/2014/3xxx/CVE-2014-3134.json +++ b/2014/3xxx/CVE-2014-3134.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3134", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the InfoView application in SAP BusinessObjects allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3134", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140428 [Onapsis Security Advisory 2014-010] SAP BusinessObjects InfoView Reflected Cross Site Scripting", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Apr/303" - }, - { - "name" : "http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-010", - "refsource" : "MISC", - "url" : "http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-010" - }, - { - "name" : "http://scn.sap.com/docs/DOC-8218", - "refsource" : "CONFIRM", - "url" : "http://scn.sap.com/docs/DOC-8218" - }, - { - "name" : "https://service.sap.com/sap/support/notes/1931399", - "refsource" : "CONFIRM", - "url" : "https://service.sap.com/sap/support/notes/1931399" - }, - { - "name" : "67110", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/67110" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the InfoView application in SAP BusinessObjects allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://service.sap.com/sap/support/notes/1931399", + "refsource": "CONFIRM", + "url": "https://service.sap.com/sap/support/notes/1931399" + }, + { + "name": "20140428 [Onapsis Security Advisory 2014-010] SAP BusinessObjects InfoView Reflected Cross Site Scripting", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Apr/303" + }, + { + "name": "http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-010", + "refsource": "MISC", + "url": "http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-010" + }, + { + "name": "67110", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67110" + }, + { + "name": "http://scn.sap.com/docs/DOC-8218", + "refsource": "CONFIRM", + "url": "http://scn.sap.com/docs/DOC-8218" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3294.json b/2014/3xxx/CVE-2014-3294.json index c0aeeeeb75d..ebeacc1a0e2 100644 --- a/2014/3xxx/CVE-2014-3294.json +++ b/2014/3xxx/CVE-2014-3294.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3294", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco WebEx Meeting Server does not properly restrict the content of URLs, which allows remote authenticated users to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history, aka Bug ID CSCuj81691." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-3294", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140609 WebEx Meeting Server Sensitive Information Disclosure Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3294" - }, - { - "name" : "68001", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68001" - }, - { - "name" : "1030412", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030412" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco WebEx Meeting Server does not properly restrict the content of URLs, 
which allows remote authenticated users to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history, aka Bug ID CSCuj81691." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "68001", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68001" + }, + { + "name": "1030412", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030412" + }, + { + "name": "20140609 WebEx Meeting Server Sensitive Information Disclosure Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3294" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3624.json b/2014/3xxx/CVE-2014-3624.json index b156d83746e..cb42f93f791 100644 --- a/2014/3xxx/CVE-2014-3624.json +++ b/2014/3xxx/CVE-2014-3624.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3624", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apache Traffic Server 5.1.x before 5.1.1 allows remote attackers to bypass access restrictions by leveraging failure to properly tunnel remap requests using CONNECT." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-3624", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[www-announce] 20141101 [ANNOUNCE] Apache Traffic Server 5.1.1 is released!", - "refsource" : "MLIST", - "url" : "http://mail-archives.apache.org/mod_mbox/www-announce/201411.mbox/%3C20141101231749.2E3561043F@minotaur.apache.org%3E" - }, - { - "name" : "https://issues.apache.org/jira/browse/TS-2677", - "refsource" : "CONFIRM", - "url" : "https://issues.apache.org/jira/browse/TS-2677" - }, - { - "name" : "101630", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101630" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apache Traffic Server 5.1.x before 5.1.1 allows remote attackers to bypass access 
restrictions by leveraging failure to properly tunnel remap requests using CONNECT." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://issues.apache.org/jira/browse/TS-2677", + "refsource": "CONFIRM", + "url": "https://issues.apache.org/jira/browse/TS-2677" + }, + { + "name": "[www-announce] 20141101 [ANNOUNCE] Apache Traffic Server 5.1.1 is released!", + "refsource": "MLIST", + "url": "http://mail-archives.apache.org/mod_mbox/www-announce/201411.mbox/%3C20141101231749.2E3561043F@minotaur.apache.org%3E" + }, + { + "name": "101630", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101630" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3850.json b/2014/3xxx/CVE-2014-3850.json index e93a94cf88f..eccb30e56cc 100644 --- a/2014/3xxx/CVE-2014-3850.json +++ b/2014/3xxx/CVE-2014-3850.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3850", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in the Member Approval plugin 131109 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings to their default and disable registration approval via a request to wp-admin/options-general.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3850", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140610 CSRF in Member Approval 131109 permits unapproved registrations (WordPress plugin)", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Jun/63" - }, - { - "name" : "https://security.dxw.com/advisories/csrf-in-member-approval-131109-permits-unapproved-registrations", - "refsource" : "MISC", - "url" : "https://security.dxw.com/advisories/csrf-in-member-approval-131109-permits-unapproved-registrations" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"Cross-site request forgery (CSRF) vulnerability in the Member Approval plugin 131109 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings to their default and disable registration approval via a request to wp-admin/options-general.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20140610 CSRF in Member Approval 131109 permits unapproved registrations (WordPress plugin)", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Jun/63" + }, + { + "name": "https://security.dxw.com/advisories/csrf-in-member-approval-131109-permits-unapproved-registrations", + "refsource": "MISC", + "url": "https://security.dxw.com/advisories/csrf-in-member-approval-131109-permits-unapproved-registrations" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6500.json b/2014/6xxx/CVE-2014-6500.json index 7b439c4e255..ca18a86ef30 100644 --- a/2014/6xxx/CVE-2014-6500.json +++ b/2014/6xxx/CVE-2014-6500.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6500", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to SERVER:SSL:yaSSL, a different vulnerability than CVE-2014-6491." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-6500", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" - }, - { - "name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698", - "refsource" : "CONFIRM", - "url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" - }, - { - "name" : 
"http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" - }, - { - "name" : "GLSA-201411-02", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201411-02.xml" - }, - { - "name" : "SUSE-SU-2015:0743", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html" - }, - { - "name" : "70478", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70478" - }, - { - "name" : "61579", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61579" - }, - { - "name" : "62073", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/62073" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to SERVER:SSL:yaSSL, a different vulnerability than CVE-2014-6491." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698", + "refsource": "CONFIRM", + "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698" + }, + { + "name": "62073", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/62073" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" + }, + { + "name": "SUSE-SU-2015:0743", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html" + }, + { + "name": "GLSA-201411-02", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201411-02.xml" + }, + { + "name": "70478", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70478" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" + }, + { + "name": "61579", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61579" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6514.json b/2014/6xxx/CVE-2014-6514.json index 43519795f6a..b0c28e308b3 100644 --- a/2014/6xxx/CVE-2014-6514.json +++ b/2014/6xxx/CVE-2014-6514.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6514", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the PL/SQL component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect confidentiality via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-6514", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" - }, - { - "name" : "72166", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72166" - }, - { - "name" : "1031572", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031572" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the PL/SQL component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote 
authenticated users to affect confidentiality via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" + }, + { + "name": "1031572", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031572" + }, + { + "name": "72166", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72166" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6632.json b/2014/6xxx/CVE-2014-6632.json index b8e73b8088f..545fb086f95 100644 --- a/2014/6xxx/CVE-2014-6632.json +++ b/2014/6xxx/CVE-2014-6632.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6632", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Joomla! 2.5.x before 2.5.25, 3.x before 3.2.4, and 3.3.x before 3.3.4 allows remote attackers to authenticate and bypass intended access restrictions via vectors involving LDAP authentication." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-6632", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://developer.joomla.org/security/594-20140902-core-unauthorised-logins.html", - "refsource" : "CONFIRM", - "url" : "http://developer.joomla.org/security/594-20140902-core-unauthorised-logins.html" - }, - { - "name" : "61606", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61606" - }, - { - "name" : "61638", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61638" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Joomla! 
2.5.x before 2.5.25, 3.x before 3.2.4, and 3.3.x before 3.3.4 allows remote attackers to authenticate and bypass intended access restrictions via vectors involving LDAP authentication." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://developer.joomla.org/security/594-20140902-core-unauthorised-logins.html", + "refsource": "CONFIRM", + "url": "http://developer.joomla.org/security/594-20140902-core-unauthorised-logins.html" + }, + { + "name": "61638", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61638" + }, + { + "name": "61606", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61606" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7566.json b/2014/7xxx/CVE-2014-7566.json index 1422c7fcbbb..b80e1c94ef6 100644 --- a/2014/7xxx/CVE-2014-7566.json +++ b/2014/7xxx/CVE-2014-7566.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7566", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Stift Neuburg (aka de.appack.project.neuburg) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7566", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#275993", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/275993" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Stift Neuburg (aka 
de.appack.project.neuburg) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#275993", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/275993" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7753.json b/2014/7xxx/CVE-2014-7753.json index e2439152cea..d5205d9e61c 100644 --- a/2014/7xxx/CVE-2014-7753.json +++ b/2014/7xxx/CVE-2014-7753.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7753", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Circa News (aka cir.ca) application 2.1.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7753", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#762281", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/762281" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Circa News (aka cir.ca) application 2.1.3 for Android does not 
verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#762281", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/762281" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7914.json b/2014/7xxx/CVE-2014-7914.json index 2dd7a70dac7..741ec993adc 100644 --- a/2014/7xxx/CVE-2014-7914.json +++ b/2014/7xxx/CVE-2014-7914.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7914", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-7914", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2091.json b/2016/2xxx/CVE-2016-2091.json index c15b32819d7..c48e7c87dd1 100644 --- a/2016/2xxx/CVE-2016-2091.json +++ b/2016/2xxx/CVE-2016-2091.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2091", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The dwarf_read_cie_fde_prefix function in dwarf_frame2.c in libdwarf 20151114 allows attackers to cause a denial of service (out-of-bounds read) via a crafted ELF object file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2091", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20160119 Re:Re: Buffer Overflow in lha compression utility", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/01/19/3" - }, - { - "name" : "[oss-security] 20160128 Re: an out of bound read is found in libdwarf -20151114", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2016/01/28/8" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The dwarf_read_cie_fde_prefix function in dwarf_frame2.c in libdwarf 20151114 allows attackers to cause a denial of service (out-of-bounds read) via a crafted ELF object file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20160119 Re:Re: Buffer Overflow in lha compression utility", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/01/19/3" + }, + { + "name": "[oss-security] 20160128 Re: an out of bound read is found in libdwarf -20151114", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2016/01/28/8" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2303.json b/2016/2xxx/CVE-2016-2303.json index 3c61b5b88bd..632af7b975e 100644 --- a/2016/2xxx/CVE-2016-2303.json +++ b/2016/2xxx/CVE-2016-2303.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2303", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CRLF injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2016-2303", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CRLF injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-105-03" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2539.json b/2016/2xxx/CVE-2016-2539.json index 8f1034eaeee..5759fd36427 100644 --- a/2016/2xxx/CVE-2016-2539.json +++ b/2016/2xxx/CVE-2016-2539.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2539", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in install_modules.php in ATutor before 2.2.2 allows remote attackers to hijack the authentication of users for requests that upload arbitrary files and execute arbitrary PHP code via vectors involving a crafted zip file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-2539", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "39524", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/39524/" - }, - { - "name" : "https://packetstormsecurity.com/files/136109/ATutor-LMS-2.2.1-CSRF-Remote-Code-Execution.html", - "refsource" : "MISC", - "url" : "https://packetstormsecurity.com/files/136109/ATutor-LMS-2.2.1-CSRF-Remote-Code-Execution.html" - }, - { - "name" : "https://github.com/atutor/ATutor/commit/bfc6c80c6c217c5515172f3cc949e13dfa1a92ac", - "refsource" : "CONFIRM", - "url" : "https://github.com/atutor/ATutor/commit/bfc6c80c6c217c5515172f3cc949e13dfa1a92ac" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": 
"4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in install_modules.php in ATutor before 2.2.2 allows remote attackers to hijack the authentication of users for requests that upload arbitrary files and execute arbitrary PHP code via vectors involving a crafted zip file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "39524", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/39524/" + }, + { + "name": "https://packetstormsecurity.com/files/136109/ATutor-LMS-2.2.1-CSRF-Remote-Code-Execution.html", + "refsource": "MISC", + "url": "https://packetstormsecurity.com/files/136109/ATutor-LMS-2.2.1-CSRF-Remote-Code-Execution.html" + }, + { + "name": "https://github.com/atutor/ATutor/commit/bfc6c80c6c217c5515172f3cc949e13dfa1a92ac", + "refsource": "CONFIRM", + "url": "https://github.com/atutor/ATutor/commit/bfc6c80c6c217c5515172f3cc949e13dfa1a92ac" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2628.json b/2016/2xxx/CVE-2016-2628.json index 46c9bdfcf07..295909fa877 100644 --- a/2016/2xxx/CVE-2016-2628.json +++ b/2016/2xxx/CVE-2016-2628.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2628", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-2628", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2888.json b/2016/2xxx/CVE-2016-2888.json index 3e1ac83a040..9c9f73f61d8 100644 --- a/2016/2xxx/CVE-2016-2888.json +++ b/2016/2xxx/CVE-2016-2888.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2888", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-0313 and CVE-2016-0350." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2016-2888", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21983147", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21983147" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 allows remote authenticated users to inject arbitrary web 
script or HTML via a crafted URL, a different vulnerability than CVE-2016-0313 and CVE-2016-0350." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21983147", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983147" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18185.json b/2017/18xxx/CVE-2017-18185.json index a8d3826e8b0..400baeb1205 100644 --- a/2017/18xxx/CVE-2017-18185.json +++ b/2017/18xxx/CVE-2017-18185.json 
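Review bot: The one data change in the CVE-2016-2888 hunk, `"ASSIGNER"` going from `cve@mitre.org` to `psirt@us.ibm.com`, is not mentioned in the commit message. It sits inside a 62-line rewrite whose other lines appear, as far as this view shows, to differ only in indentation and the spacing before the colons. Consumers presumably use ASSIGNER to attribute a record to its CNA, so a change to it should be auditable on its own. Either land the reformat separately from data changes, or add a line to the message such as `CVE-2016-2888: ASSIGNER cve@mitre.org -> psirt@us.ibm.com`. The new side also ends with `\ No newline at end of file`, as do the other files in this patch, so the serializer should write a final newline to keep later diffs free of that marker.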
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-18185", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in QPDF before 7.0.0. There is a large heap-based out-of-bounds read in the Pl_Buffer::write function in Pl_Buffer.cc. It is caused by an integer overflow in the PNG filter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-18185", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/qpdf/qpdf/commit/ec7d74a386c0b2f38990079c3b0d2a2b30be0e71", - "refsource" : "MISC", - "url" : "https://github.com/qpdf/qpdf/commit/ec7d74a386c0b2f38990079c3b0d2a2b30be0e71" - }, - { - "name" : "https://github.com/qpdf/qpdf/issues/150", - "refsource" : "MISC", - "url" : "https://github.com/qpdf/qpdf/issues/150" - }, - { - "name" : "USN-3638-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3638-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in QPDF before 7.0.0. 
There is a large heap-based out-of-bounds read in the Pl_Buffer::write function in Pl_Buffer.cc. It is caused by an integer overflow in the PNG filter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/qpdf/qpdf/commit/ec7d74a386c0b2f38990079c3b0d2a2b30be0e71", + "refsource": "MISC", + "url": "https://github.com/qpdf/qpdf/commit/ec7d74a386c0b2f38990079c3b0d2a2b30be0e71" + }, + { + "name": "USN-3638-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3638-1/" + }, + { + "name": "https://github.com/qpdf/qpdf/issues/150", + "refsource": "MISC", + "url": "https://github.com/qpdf/qpdf/issues/150" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18256.json b/2017/18xxx/CVE-2017-18256.json index 33dbe5c8e8a..25b1522fe1e 100644 --- a/2017/18xxx/CVE-2017-18256.json +++ b/2017/18xxx/CVE-2017-18256.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-18256", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Brave Browser before 0.13.0 allows remote attackers to cause a denial of service (resource consumption) via a long alert() argument in JavaScript code, because window dialogs are mishandled." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-18256", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44474", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44474/" - }, - { - "name" : "https://hackerone.com/reports/176066", - "refsource" : "CONFIRM", - "url" : "https://hackerone.com/reports/176066" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Brave Browser before 0.13.0 allows remote attackers to cause a denial of service (resource consumption) via a long alert() argument in JavaScript code, because window dialogs are mishandled." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://hackerone.com/reports/176066", + "refsource": "CONFIRM", + "url": "https://hackerone.com/reports/176066" + }, + { + "name": "44474", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44474/" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1046.json b/2017/1xxx/CVE-2017-1046.json index 685d09c9732..f519979813b 100644 --- a/2017/1xxx/CVE-2017-1046.json +++ b/2017/1xxx/CVE-2017-1046.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1046", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1046", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1407.json b/2017/1xxx/CVE-2017-1407.json index c1dd3d0751a..71d30fb70e2 100644 --- a/2017/1xxx/CVE-2017-1407.json +++ b/2017/1xxx/CVE-2017-1407.json 
@@ -1,76 +1,76 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2017-09-25T00:00:00", - "ID" : "CVE-2017-1407", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Security Identity Manager", - "version" : { - "version_data" : [ - { - "version_value" : "6.0" - }, - { - "version_value" : "7.0" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Security Identity Manager Virtual Appliance 6.0 and 7.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 127394." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Privileges" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2017-09-25T00:00:00", + "ID": "CVE-2017-1407", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Security Identity Manager", + "version": { + "version_data": [ + { + "version_value": "6.0" + }, + { + "version_value": "7.0" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/127394", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/127394" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22007377", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22007377" - }, - { - "name" : "101015", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/101015" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Security Identity Manager Virtual Appliance 6.0 and 7.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 127394." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Gain Privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22007377", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22007377" + }, + { + "name": "101015", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101015" + }, + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/127394", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/127394" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1619.json b/2017/1xxx/CVE-2017-1619.json index 3cd0873d060..95f01e6bd72 100644 --- a/2017/1xxx/CVE-2017-1619.json +++ b/2017/1xxx/CVE-2017-1619.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1619", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1619", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1864.json b/2017/1xxx/CVE-2017-1864.json index fa2d492325f..3d7baa2cf79 100644 --- a/2017/1xxx/CVE-2017-1864.json +++ b/2017/1xxx/CVE-2017-1864.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1864", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-1864", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5681.json b/2017/5xxx/CVE-2017-5681.json index 6b0b4d7e978..bbcd5e459ca 100644 --- a/2017/5xxx/CVE-2017-5681.json +++ b/2017/5xxx/CVE-2017-5681.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@intel.com", - "ID" : "CVE-2017-5681", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Intel Quick Assist Technology", - "version" : { - "version_data" : [ - { - "version_value" : "Before v0.5.19" - } - ] - } - } - ] - }, - "vendor_name" : "Intel" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The RSA-CRT implementation in the Intel QuickAssist Technology (QAT) Engine for OpenSSL versions prior to 0.5.19 may allow remote attackers to obtain private RSA keys by conducting a Lenstra side-channel attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@intel.com", + "ID": "CVE-2017-5681", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Intel Quick Assist Technology", + "version": { + "version_data": [ + { + "version_value": "Before v0.5.19" + } + ] + } + } + ] + }, + "vendor_name": "Intel" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00071&languageid=en-fr", - "refsource" : "CONFIRM", - "url" : "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00071&languageid=en-fr" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The RSA-CRT implementation in the Intel QuickAssist Technology (QAT) Engine for OpenSSL versions prior to 0.5.19 may allow remote attackers to obtain private RSA keys by conducting a Lenstra side-channel attack." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00071&languageid=en-fr", + "refsource": "CONFIRM", + "url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00071&languageid=en-fr" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5763.json b/2017/5xxx/CVE-2017-5763.json index e7783b5a84a..6489be11d8a 100644 --- a/2017/5xxx/CVE-2017-5763.json +++ b/2017/5xxx/CVE-2017-5763.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5763", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5763", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file