From caa18b34ce29f0f7d3a0ebb94a67eb1d32fce8e4 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Mon, 18 Mar 2019 06:43:04 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2006/2xxx/CVE-2006-2338.json | 140 ++++++-------
2006/2xxx/CVE-2006-2821.json | 150 ++++++-------
2006/3xxx/CVE-2006-3540.json | 150 ++++++-------
2006/3xxx/CVE-2006-3903.json | 170 +++++++--------
2006/4xxx/CVE-2006-4098.json | 190 ++++++++---------
2006/4xxx/CVE-2006-4855.json | 270 ++++++++++++------------
2006/6xxx/CVE-2006-6197.json | 160 +++++++-------
2006/6xxx/CVE-2006-6572.json | 190 ++++++++---------
2006/6xxx/CVE-2006-6714.json | 150 ++++++-------
2006/6xxx/CVE-2006-6940.json | 140 ++++++-------
2006/6xxx/CVE-2006-6993.json | 130 ++++++------
2006/7xxx/CVE-2006-7086.json | 170 +++++++--------
2006/7xxx/CVE-2006-7149.json | 160 +++++++-------
2010/2xxx/CVE-2010-2083.json | 120 +++++------
2010/2xxx/CVE-2010-2436.json | 150 ++++++-------
2011/0xxx/CVE-2011-0463.json | 170 +++++++--------
2011/0xxx/CVE-2011-0854.json | 120 +++++------
2011/0xxx/CVE-2011-0861.json | 120 +++++------
2011/0xxx/CVE-2011-0978.json | 210 +++++++++----------
2011/1xxx/CVE-2011-1020.json | 260 +++++++++++------------
2011/1xxx/CVE-2011-1540.json | 160 +++++++-------
2011/1xxx/CVE-2011-1699.json | 180 ++++++++--------
2011/1xxx/CVE-2011-1776.json | 190 ++++++++---------
2011/3xxx/CVE-2011-3360.json | 200 +++++++++---------
2011/3xxx/CVE-2011-3479.json | 140 ++++++-------
2011/4xxx/CVE-2011-4170.json | 120 +++++------
2011/4xxx/CVE-2011-4702.json | 120 +++++------
2011/4xxx/CVE-2011-4719.json | 120 +++++------
2011/4xxx/CVE-2011-4801.json | 140 ++++++-------
2011/4xxx/CVE-2011-4971.json | 190 ++++++++---------
2013/5xxx/CVE-2013-5045.json | 150 ++++++-------
2014/2xxx/CVE-2014-2160.json | 120 +++++------
2014/2xxx/CVE-2014-2426.json | 120 +++++------
2014/2xxx/CVE-2014-2525.json | 330 ++++++++++++++---------------
2014/2xxx/CVE-2014-2736.json | 150 ++++++-------
2014/2xxx/CVE-2014-2993.json | 140 ++++++-------
2014/3xxx/CVE-2014-3193.json | 160 +++++++-------
2014/3xxx/CVE-2014-3638.json | 220 ++++++++++----------
2014/6xxx/CVE-2014-6129.json | 120 +++++------
2014/6xxx/CVE-2014-6321.json | 200 +++++++++---------
2014/6xxx/CVE-2014-6591.json | 370 ++++++++++++++++-----------------
2014/7xxx/CVE-2014-7518.json | 140 ++++++-------
2014/7xxx/CVE-2014-7544.json | 140 ++++++-------
2014/7xxx/CVE-2014-7546.json | 140 ++++++-------
2017/0xxx/CVE-2017-0054.json | 34 +--
2017/0xxx/CVE-2017-0322.json | 120 +++++------
2017/18xxx/CVE-2017-18298.json | 140 ++++++-------
2017/1xxx/CVE-2017-1403.json | 34 +--
2017/1xxx/CVE-2017-1607.json | 166 +++++++--------
2017/5xxx/CVE-2017-5027.json | 130 ++++++------
2017/5xxx/CVE-2017-5036.json | 170 +++++++--------
2017/5xxx/CVE-2017-5408.json | 304 +++++++++++++--------------
2017/5xxx/CVE-2017-5592.json | 160 +++++++-------
2017/5xxx/CVE-2017-5891.json | 130 ++++++------
54 files changed, 4384 insertions(+), 4384 deletions(-)
diff --git a/2006/2xxx/CVE-2006-2338.json b/2006/2xxx/CVE-2006-2338.json
index db1a164e269..21ddc548ac0 100644
--- a/2006/2xxx/CVE-2006-2338.json
+++ b/2006/2xxx/CVE-2006-2338.json
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2006-2338",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "PlaNet Concept plaNetStat 20050127 allows remote attackers to gain administrative privileges, and view and configure log files, via a direct request to the (1) admin.php or (2) settings.php page."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2006-2338",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20060509 plaNetStat Admin ByPass",
- "refsource" : "BUGTRAQ",
- "url" : "http://www.securityfocus.com/archive/1/433372/100/0/threaded"
- },
- {
- "name" : "874",
- "refsource" : "SREASON",
- "url" : "http://securityreason.com/securityalert/874"
- },
- {
- "name" : "planetstat-security-bypass(26436)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26436"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "PlaNet Concept plaNetStat 20050127 allows remote attackers to gain administrative privileges, and view and configure log files, via a direct request to the (1) admin.php or (2) settings.php page."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20060509 plaNetStat Admin ByPass",
+ "refsource": "BUGTRAQ",
+ "url": "http://www.securityfocus.com/archive/1/433372/100/0/threaded"
+ },
+ {
+ "name": "planetstat-security-bypass(26436)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26436"
+ },
+ {
+ "name": "874",
+ "refsource": "SREASON",
+ "url": "http://securityreason.com/securityalert/874"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2006/2xxx/CVE-2006-2821.json b/2006/2xxx/CVE-2006-2821.json
index c2f05a594dd..98bd69af366 100644
--- a/2006/2xxx/CVE-2006-2821.json
+++ b/2006/2xxx/CVE-2006-2821.json
@@ -1,77 +1,77 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2006-2821",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Multiple cross-site scripting (XSS) vulnerabilities in DeltaScripts Pro Publish allow remote attackers to inject arbitrary web script or HTML via the (1) artid parameter in art.php and the (2) catname parameter in cat.php."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2006-2821",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20060602 Pro Publish SQL Injection and XSS Vulnerabilities",
- "refsource" : "BUGTRAQ",
- "url" : "http://www.securityfocus.com/archive/1/435787/100/0/threaded"
- },
- {
- "name" : "http://soot.shabgard.org/bugs/propublish.txt",
- "refsource" : "MISC",
- "url" : "http://soot.shabgard.org/bugs/propublish.txt"
- },
- {
- "name" : "18243",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/18243"
- },
- {
- "name" : "1027",
- "refsource" : "SREASON",
- "url" : "http://securityreason.com/securityalert/1027"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Multiple cross-site scripting (XSS) vulnerabilities in DeltaScripts Pro Publish allow remote attackers to inject arbitrary web script or HTML via the (1) artid parameter in art.php and the (2) catname parameter in cat.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "1027",
+ "refsource": "SREASON",
+ "url": "http://securityreason.com/securityalert/1027"
+ },
+ {
+ "name": "18243",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/18243"
+ },
+ {
+ "name": "20060602 Pro Publish SQL Injection and XSS Vulnerabilities",
+ "refsource": "BUGTRAQ",
+ "url": "http://www.securityfocus.com/archive/1/435787/100/0/threaded"
+ },
+ {
+ "name": "http://soot.shabgard.org/bugs/propublish.txt",
+ "refsource": "MISC",
+ "url": "http://soot.shabgard.org/bugs/propublish.txt"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2006/3xxx/CVE-2006-3540.json b/2006/3xxx/CVE-2006-3540.json
index 8c1ac57f448..79f1d17e3ea 100644
--- a/2006/3xxx/CVE-2006-3540.json
+++ b/2006/3xxx/CVE-2006-3540.json
@@ -1,77 +1,77 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2006-3540",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Check Point Zone Labs ZoneAlarm Internet Security Suite 6.5.722.000, 6.1.737.000, and possibly other versions do not properly validate RegSaveKey, RegRestoreKey, and RegDeleteKey function calls, which allows local users to cause a denial of service (system crash) via a certain combination of these function calls with an HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\VETFDDNT\\Enum argument."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2006-3540",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20060703 ZoneAlarm Insufficient protection of registry key 'VETFDDNT\\Enum' Vulnerability",
- "refsource" : "BUGTRAQ",
- "url" : "http://www.securityfocus.com/archive/1/438970/100/0/threaded"
- },
- {
- "name" : "http://www.matousec.com/info/advisories/ZoneAlarm-Insufficient-protection-of-registry-key-VETFDDNT-Enum.php",
- "refsource" : "MISC",
- "url" : "http://www.matousec.com/info/advisories/ZoneAlarm-Insufficient-protection-of-registry-key-VETFDDNT-Enum.php"
- },
- {
- "name" : "18789",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/18789"
- },
- {
- "name" : "zonealarm-registrykey-dos(27584)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27584"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Check Point Zone Labs ZoneAlarm Internet Security Suite 6.5.722.000, 6.1.737.000, and possibly other versions do not properly validate RegSaveKey, RegRestoreKey, and RegDeleteKey function calls, which allows local users to cause a denial of service (system crash) via a certain combination of these function calls with an HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\VETFDDNT\\Enum argument."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20060703 ZoneAlarm Insufficient protection of registry key 'VETFDDNT\\Enum' Vulnerability",
+ "refsource": "BUGTRAQ",
+ "url": "http://www.securityfocus.com/archive/1/438970/100/0/threaded"
+ },
+ {
+ "name": "zonealarm-registrykey-dos(27584)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27584"
+ },
+ {
+ "name": "18789",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/18789"
+ },
+ {
+ "name": "http://www.matousec.com/info/advisories/ZoneAlarm-Insufficient-protection-of-registry-key-VETFDDNT-Enum.php",
+ "refsource": "MISC",
+ "url": "http://www.matousec.com/info/advisories/ZoneAlarm-Insufficient-protection-of-registry-key-VETFDDNT-Enum.php"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2006/3xxx/CVE-2006-3903.json b/2006/3xxx/CVE-2006-3903.json
index 7bfdf03597c..994bf7839e9 100644
--- a/2006/3xxx/CVE-2006-3903.json
+++ b/2006/3xxx/CVE-2006-3903.json
@@ -1,87 +1,87 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2006-3903",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "CRLF injection vulnerability in (1) index.php and (2) admin.php in myWebland MyBloggie 2.1.3 allows remote attackers to hijack sessions and conduct cross-site scripting (XSS) attacks via a cookie."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2006-3903",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20060517 HYSA-2006-008 myBloggie 2.1.3 CRLF & SQL Injection",
- "refsource" : "BUGTRAQ",
- "url" : "http://marc.info/?l=bugtraq&m=114791192612460&w=2"
- },
- {
- "name" : "20060727 Re: HYSA-2006-008 myBloggie 2.1.3 CRLF & SQL Injection",
- "refsource" : "BUGTRAQ",
- "url" : "http://www.securityfocus.com/archive/1/441356/100/0/threaded"
- },
- {
- "name" : "20060517 HYSA-2006-008 myBloggie 2.1.3 CRLF & SQL Injection",
- "refsource" : "FULLDISC",
- "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/046094.html"
- },
- {
- "name" : "26557",
- "refsource" : "OSVDB",
- "url" : "http://www.osvdb.org/displayvuln.php?osvdb_id=26557"
- },
- {
- "name" : "26558",
- "refsource" : "OSVDB",
- "url" : "http://www.osvdb.org/displayvuln.php?osvdb_id=26558"
- },
- {
- "name" : "mybloggie-index-admin-crlf-injection(26484)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26484"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "CRLF injection vulnerability in (1) index.php and (2) admin.php in myWebland MyBloggie 2.1.3 allows remote attackers to hijack sessions and conduct cross-site scripting (XSS) attacks via a cookie."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20060517 HYSA-2006-008 myBloggie 2.1.3 CRLF & SQL Injection",
+ "refsource": "FULLDISC",
+ "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/046094.html"
+ },
+ {
+ "name": "mybloggie-index-admin-crlf-injection(26484)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26484"
+ },
+ {
+ "name": "20060727 Re: HYSA-2006-008 myBloggie 2.1.3 CRLF & SQL Injection",
+ "refsource": "BUGTRAQ",
+ "url": "http://www.securityfocus.com/archive/1/441356/100/0/threaded"
+ },
+ {
+ "name": "26557",
+ "refsource": "OSVDB",
+ "url": "http://www.osvdb.org/displayvuln.php?osvdb_id=26557"
+ },
+ {
+ "name": "26558",
+ "refsource": "OSVDB",
+ "url": "http://www.osvdb.org/displayvuln.php?osvdb_id=26558"
+ },
+ {
+ "name": "20060517 HYSA-2006-008 myBloggie 2.1.3 CRLF & SQL Injection",
+ "refsource": "BUGTRAQ",
+ "url": "http://marc.info/?l=bugtraq&m=114791192612460&w=2"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2006/4xxx/CVE-2006-4098.json b/2006/4xxx/CVE-2006-4098.json
index 3acd7ee8a11..fc747b4f1eb 100644
--- a/2006/4xxx/CVE-2006-4098.json
+++ b/2006/4xxx/CVE-2006-4098.json
@@ -1,97 +1,97 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2006-4098",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Stack-based buffer overflow in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allows remote attackers to execute arbitrary code via a crafted RADIUS Accounting-Request packet."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2006-4098",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "VU#477164",
- "refsource" : "CERT-VN",
- "url" : "http://www.kb.cert.org/vuls/id/477164"
- },
- {
- "name" : "21900",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/21900"
- },
- {
- "name" : "20070105 Multiple Vulnerabilities in Cisco Secure Access Control Server",
- "refsource" : "CISCO",
- "url" : "http://www.cisco.com/warp/public/707/cisco-sa-20070105-csacs.shtml"
- },
- {
- "name" : "ADV-2007-0068",
- "refsource" : "VUPEN",
- "url" : "http://www.vupen.com/english/advisories/2007/0068"
- },
- {
- "name" : "36126",
- "refsource" : "OSVDB",
- "url" : "http://osvdb.org/36126"
- },
- {
- "name" : "1017475",
- "refsource" : "SECTRACK",
- "url" : "http://securitytracker.com/id?1017475"
- },
- {
- "name" : "23629",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/23629"
- },
- {
- "name" : "cisco-acs-csradius-bo(31327)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31327"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Stack-based buffer overflow in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allows remote attackers to execute arbitrary code via a crafted RADIUS Accounting-Request packet."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "23629",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/23629"
+ },
+ {
+ "name": "21900",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/21900"
+ },
+ {
+ "name": "VU#477164",
+ "refsource": "CERT-VN",
+ "url": "http://www.kb.cert.org/vuls/id/477164"
+ },
+ {
+ "name": "cisco-acs-csradius-bo(31327)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31327"
+ },
+ {
+ "name": "ADV-2007-0068",
+ "refsource": "VUPEN",
+ "url": "http://www.vupen.com/english/advisories/2007/0068"
+ },
+ {
+ "name": "1017475",
+ "refsource": "SECTRACK",
+ "url": "http://securitytracker.com/id?1017475"
+ },
+ {
+ "name": "20070105 Multiple Vulnerabilities in Cisco Secure Access Control Server",
+ "refsource": "CISCO",
+ "url": "http://www.cisco.com/warp/public/707/cisco-sa-20070105-csacs.shtml"
+ },
+ {
+ "name": "36126",
+ "refsource": "OSVDB",
+ "url": "http://osvdb.org/36126"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2006/4xxx/CVE-2006-4855.json b/2006/4xxx/CVE-2006-4855.json
index d8208f94917..c162f9b6b08 100644
--- a/2006/4xxx/CVE-2006-4855.json
+++ b/2006/4xxx/CVE-2006-4855.json
@@ -1,137 +1,137 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2006-4855",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The \\Device\\SymEvent driver in Symantec Norton Personal Firewall 2006 9.1.0.33, and other versions of Norton Personal Firewall, Internet Security, AntiVirus, SystemWorks, Symantec Client Security SCS 1.x, 2.x, 3.0, and 3.1, Symantec AntiVirus Corporate Edition SAVCE 8.x, 9.x, 10.0, and 10.1, Symantec pcAnywhere 11.5 only, and Symantec Host, allows local users to cause a denial of service (system crash) via invalid data, as demonstrated by calling DeviceIoControl to send the data."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2006-4855",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20060915 Symantec Norton Insufficient validation of 'SymEvent' driver input buffer",
- "refsource" : "BUGTRAQ",
- "url" : "http://www.securityfocus.com/archive/1/446111/100/0/threaded"
- },
- {
- "name" : "http://www.matousec.com/info/advisories/Norton-Insufficient-validation-of-SymEvent-driver-input-buffer.php",
- "refsource" : "MISC",
- "url" : "http://www.matousec.com/info/advisories/Norton-Insufficient-validation-of-SymEvent-driver-input-buffer.php"
- },
- {
- "name" : "http://securityresponse.symantec.com/avcenter/security/Content/2006.09.20a.html",
- "refsource" : "CONFIRM",
- "url" : "http://securityresponse.symantec.com/avcenter/security/Content/2006.09.20a.html"
- },
- {
- "name" : "20051",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/20051"
- },
- {
- "name" : "ADV-2006-3636",
- "refsource" : "VUPEN",
- "url" : "http://www.vupen.com/english/advisories/2006/3636"
- },
- {
- "name" : "1016889",
- "refsource" : "SECTRACK",
- "url" : "http://securitytracker.com/id?1016889"
- },
- {
- "name" : "1016892",
- "refsource" : "SECTRACK",
- "url" : "http://securitytracker.com/id?1016892"
- },
- {
- "name" : "1016893",
- "refsource" : "SECTRACK",
- "url" : "http://securitytracker.com/id?1016893"
- },
- {
- "name" : "1016894",
- "refsource" : "SECTRACK",
- "url" : "http://securitytracker.com/id?1016894"
- },
- {
- "name" : "1016895",
- "refsource" : "SECTRACK",
- "url" : "http://securitytracker.com/id?1016895"
- },
- {
- "name" : "1016896",
- "refsource" : "SECTRACK",
- "url" : "http://securitytracker.com/id?1016896"
- },
- {
- "name" : "1016897",
- "refsource" : "SECTRACK",
- "url" : "http://securitytracker.com/id?1016897"
- },
- {
- "name" : "1016898",
- "refsource" : "SECTRACK",
- "url" : "http://securitytracker.com/id?1016898"
- },
- {
- "name" : "21938",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/21938"
- },
- {
- "name" : "1591",
- "refsource" : "SREASON",
- "url" : "http://securityreason.com/securityalert/1591"
- },
- {
- "name" : "symantec-firewall-symevent-dos(28960)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28960"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The \\Device\\SymEvent driver in Symantec Norton Personal Firewall 2006 9.1.0.33, and other versions of Norton Personal Firewall, Internet Security, AntiVirus, SystemWorks, Symantec Client Security SCS 1.x, 2.x, 3.0, and 3.1, Symantec AntiVirus Corporate Edition SAVCE 8.x, 9.x, 10.0, and 10.1, Symantec pcAnywhere 11.5 only, and Symantec Host, allows local users to cause a denial of service (system crash) via invalid data, as demonstrated by calling DeviceIoControl to send the data."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "1016892",
+ "refsource": "SECTRACK",
+ "url": "http://securitytracker.com/id?1016892"
+ },
+ {
+ "name": "21938",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/21938"
+ },
+ {
+ "name": "1016893",
+ "refsource": "SECTRACK",
+ "url": "http://securitytracker.com/id?1016893"
+ },
+ {
+ "name": "1016895",
+ "refsource": "SECTRACK",
+ "url": "http://securitytracker.com/id?1016895"
+ },
+ {
+ "name": "1016889",
+ "refsource": "SECTRACK",
+ "url": "http://securitytracker.com/id?1016889"
+ },
+ {
+ "name": "20060915 Symantec Norton Insufficient validation of 'SymEvent' driver input buffer",
+ "refsource": "BUGTRAQ",
+ "url": "http://www.securityfocus.com/archive/1/446111/100/0/threaded"
+ },
+ {
+ "name": "1016897",
+ "refsource": "SECTRACK",
+ "url": "http://securitytracker.com/id?1016897"
+ },
+ {
+ "name": "1591",
+ "refsource": "SREASON",
+ "url": "http://securityreason.com/securityalert/1591"
+ },
+ {
+ "name": "1016896",
+ "refsource": "SECTRACK",
+ "url": "http://securitytracker.com/id?1016896"
+ },
+ {
+ "name": "http://www.matousec.com/info/advisories/Norton-Insufficient-validation-of-SymEvent-driver-input-buffer.php",
+ "refsource": "MISC",
+ "url": "http://www.matousec.com/info/advisories/Norton-Insufficient-validation-of-SymEvent-driver-input-buffer.php"
+ },
+ {
+ "name": "20051",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/20051"
+ },
+ {
+ "name": "http://securityresponse.symantec.com/avcenter/security/Content/2006.09.20a.html",
+ "refsource": "CONFIRM",
+ "url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.09.20a.html"
+ },
+ {
+ "name": "ADV-2006-3636",
+ "refsource": "VUPEN",
+ "url": "http://www.vupen.com/english/advisories/2006/3636"
+ },
+ {
+ "name": "symantec-firewall-symevent-dos(28960)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28960"
+ },
+ {
+ "name": "1016894",
+ "refsource": "SECTRACK",
+ "url": "http://securitytracker.com/id?1016894"
+ },
+ {
+ "name": "1016898",
+ "refsource": "SECTRACK",
+ "url": "http://securitytracker.com/id?1016898"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2006/6xxx/CVE-2006-6197.json b/2006/6xxx/CVE-2006-6197.json
index b438501f0c7..d5add951eb2 100644
--- a/2006/6xxx/CVE-2006-6197.json
+++ b/2006/6xxx/CVE-2006-6197.json
@@ -1,82 +1,82 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2006-6197",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Multiple cross-site scripting (XSS) vulnerabilities in b2evolution 1.8.2 through 1.9 beta allow remote attackers to inject arbitrary web script or HTML via the (1) app_name parameter in (a) _404_not_found.page.php, (b) _410_stats_gone.page.php, and (c) _referer_spam.page.php in inc/VIEW/errors/; the (2) baseurl parameter in (d) inc/VIEW/errors/_404_not_found.page.php; and the (3) ReqURI parameter in (e) inc/VIEW/errors/_referer_spam.page.php."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2006-6197",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20061128 b2evolution XSS Vulnerabilities",
- "refsource" : "BUGTRAQ",
- "url" : "http://www.securityfocus.com/archive/1/452895/100/0/threaded"
- },
- {
- "name" : "21334",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/21334"
- },
- {
- "name" : "23148",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/23148"
- },
- {
- "name" : "1944",
- "refsource" : "SREASON",
- "url" : "http://securityreason.com/securityalert/1944"
- },
- {
- "name" : "b2evolution-multiple-messages-xss(30562)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30562"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Multiple cross-site scripting (XSS) vulnerabilities in b2evolution 1.8.2 through 1.9 beta allow remote attackers to inject arbitrary web script or HTML via the (1) app_name parameter in (a) _404_not_found.page.php, (b) _410_stats_gone.page.php, and (c) _referer_spam.page.php in inc/VIEW/errors/; the (2) baseurl parameter in (d) inc/VIEW/errors/_404_not_found.page.php; and the (3) ReqURI parameter in (e) inc/VIEW/errors/_referer_spam.page.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20061128 b2evolution XSS Vulnerabilities",
+ "refsource": "BUGTRAQ",
+ "url": "http://www.securityfocus.com/archive/1/452895/100/0/threaded"
+ },
+ {
+ "name": "23148",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/23148"
+ },
+ {
+ "name": "1944",
+ "refsource": "SREASON",
+ "url": "http://securityreason.com/securityalert/1944"
+ },
+ {
+ "name": "21334",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/21334"
+ },
+ {
+ "name": "b2evolution-multiple-messages-xss(30562)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30562"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2006/6xxx/CVE-2006-6572.json b/2006/6xxx/CVE-2006-6572.json
index ec01fcfb54c..1df087da5ea 100644
--- a/2006/6xxx/CVE-2006-6572.json
+++ b/2006/6xxx/CVE-2006-6572.json
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6572", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Citrix Advanced Access Control (AAC) Option 4.0, and Access Gateway 4.2 with Advanced Access Control 4.2, before 20061114, when the Browser-Only access feature is enabled, allows remote authenticated users to bypass access policies via a certain login method, a different issue than CVE-2006-4846. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6572", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.citrix.com/article/CTX111614", - "refsource" : "CONFIRM", - "url" : "http://support.citrix.com/article/CTX111614" - }, - { - "name" : "http://support.citrix.com/article/CTX111615", - "refsource" : "CONFIRM", - "url" : "http://support.citrix.com/article/CTX111615" - }, - { - "name" : "21080", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21080" - }, - { - "name" : "ADV-2006-4525", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4525" - }, - { - "name" : 
"1017227", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017227" - }, - { - "name" : "22909", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22909" - }, - { - "name" : "citrix-access-login-security-bypass(30302)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30302" - }, - { - "name" : "citrix-access-browser-security-bypass(30303)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30303" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Citrix Advanced Access Control (AAC) Option 4.0, and Access Gateway 4.2 with Advanced Access Control 4.2, before 20061114, when the Browser-Only access feature is enabled, allows remote authenticated users to bypass access policies via a certain login method, a different issue than CVE-2006-4846. NOTE: some of these details are obtained from third party information." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1017227", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017227" + }, + { + "name": "ADV-2006-4525", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4525" + }, + { + "name": "21080", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21080" + }, + { + "name": "http://support.citrix.com/article/CTX111615", + "refsource": "CONFIRM", + "url": "http://support.citrix.com/article/CTX111615" + }, + { + "name": "citrix-access-browser-security-bypass(30303)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30303" + }, + { + "name": "citrix-access-login-security-bypass(30302)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30302" + }, + { + "name": "http://support.citrix.com/article/CTX111614", + "refsource": "CONFIRM", + "url": "http://support.citrix.com/article/CTX111614" + }, + { + "name": "22909", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22909" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6714.json b/2006/6xxx/CVE-2006-6714.json index 4ead324592a..48c834bbb8e 100644 --- a/2006/6xxx/CVE-2006-6714.json +++ b/2006/6xxx/CVE-2006-6714.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6714", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple memory leaks in Hitachi Directory Server 2 P-2444-A124 before 02-11-/K on Windows, and P-1B44-A121 before 02-10-/V on HP-UX, allow remote attackers to cause a denial of service (memory consumption) via invalid LDAP requests." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6714", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.hitachi-support.com/security_e/vuls_e/HS06-018_e/01-e.html", - "refsource" : "CONFIRM", - "url" : "http://www.hitachi-support.com/security_e/vuls_e/HS06-018_e/01-e.html" - }, - { - "name" : "21692", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21692" - }, - { - "name" : "ADV-2006-5098", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/5098" - }, - { - "name" : "23421", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23421" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple 
memory leaks in Hitachi Directory Server 2 P-2444-A124 before 02-11-/K on Windows, and P-1B44-A121 before 02-10-/V on HP-UX, allow remote attackers to cause a denial of service (memory consumption) via invalid LDAP requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-5098", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/5098" + }, + { + "name": "23421", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23421" + }, + { + "name": "21692", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21692" + }, + { + "name": "http://www.hitachi-support.com/security_e/vuls_e/HS06-018_e/01-e.html", + "refsource": "CONFIRM", + "url": "http://www.hitachi-support.com/security_e/vuls_e/HS06-018_e/01-e.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6940.json b/2006/6xxx/CVE-2006-6940.json index 9991adc9f94..1c5edb9a440 100644 --- a/2006/6xxx/CVE-2006-6940.json +++ b/2006/6xxx/CVE-2006-6940.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6940", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the ParseHeader function in clsOWA.cls in POP3/SMTP to OWA (pop2owa) 1.1.3 allows remote attackers to execute arbitrary code via a long header in an e-mail message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6940", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=473941&group_id=152204", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=473941&group_id=152204" - }, - { - "name" : "http://sourceforge.net/tracker/index.php?func=detail&aid=1621688&group_id=152204&atid=783596", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/tracker/index.php?func=detail&aid=1621688&group_id=152204&atid=783596" - }, - { - "name" : "ADV-2007-0160", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0160" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"Buffer overflow in the ParseHeader function in clsOWA.cls in POP3/SMTP to OWA (pop2owa) 1.1.3 allows remote attackers to execute arbitrary code via a long header in an e-mail message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2007-0160", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0160" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=473941&group_id=152204", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=473941&group_id=152204" + }, + { + "name": "http://sourceforge.net/tracker/index.php?func=detail&aid=1621688&group_id=152204&atid=783596", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/tracker/index.php?func=detail&aid=1621688&group_id=152204&atid=783596" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6993.json b/2006/6xxx/CVE-2006-6993.json index de482786532..42ddd5615c5 100644 --- a/2006/6xxx/CVE-2006-6993.json +++ b/2006/6xxx/CVE-2006-6993.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6993", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in pages/addcomment2.php in Neuron Blog 1.1 allow remote attackers to inject arbitrary SQL commands via the (1) commentname, (2) commentmail, (3) commentwebsite, and (4) comment parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6993", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "ADV-2006-1406", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1406" - }, - { - "name" : "19703", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19703" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in pages/addcomment2.php in Neuron Blog 1.1 allow remote attackers to inject arbitrary SQL commands via the (1) commentname, (2) commentmail, (3) commentwebsite, and 
(4) comment parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19703", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19703" + }, + { + "name": "ADV-2006-1406", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1406" + } + ] + } +} \ No newline at end of file diff --git a/2006/7xxx/CVE-2006-7086.json b/2006/7xxx/CVE-2006-7086.json index 796593db7a0..70f86500881 100644 --- a/2006/7xxx/CVE-2006-7086.json +++ b/2006/7xxx/CVE-2006-7086.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-7086", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The (1) dlback.php and (2) dlback.cgi scripts in Hot Links allow remote attackers to obtain sensitive information and download the database via a direct request with a modified dl parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-7086", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061115 Hot Links download backup authorized vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=116370290529916&w=2" - }, - { - "name" : "20061115 Hot Links download backup authorized vulnerabilities (re-post)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=116373064308228&w=2" - }, - { - "name" : "21112", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21112" - }, - { - "name" : "ADV-2006-4585", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4585" - }, - { - "name" : "22970", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22970" - }, - { - "name" : "hotlinks-dlback-information-disclosure(30340)", 
- "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30340" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The (1) dlback.php and (2) dlback.cgi scripts in Hot Links allow remote attackers to obtain sensitive information and download the database via a direct request with a modified dl parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "hotlinks-dlback-information-disclosure(30340)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30340" + }, + { + "name": "22970", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22970" + }, + { + "name": "20061115 Hot Links download backup authorized vulnerabilities (re-post)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=116373064308228&w=2" + }, + { + "name": "21112", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21112" + }, + { + "name": "ADV-2006-4585", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4585" + }, + { + "name": "20061115 Hot Links download backup authorized vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=116370290529916&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2006/7xxx/CVE-2006-7149.json b/2006/7xxx/CVE-2006-7149.json index 54e0e90906f..9a98fdf1487 100644 --- a/2006/7xxx/CVE-2006-7149.json +++ b/2006/7xxx/CVE-2006-7149.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-7149", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Mambo 4.6.x allow remote attackers to inject arbitrary web script or HTML via (1) the query string to (a) index.php, which reflects the string in an error message from mod_login.php; and the (2) mcname parameter to (b) moscomment.php and (c) com_comment.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-7149", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061020 [KAPDA::#60] Mambo V4.6.x vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/449305/100/0/threaded" - }, - { - "name" : "http://www.kapda.ir/advisory-444.html", - "refsource" : "MISC", - "url" : "http://www.kapda.ir/advisory-444.html" - }, - { - "name" : "20650", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20650" - }, - { - "name" : "2379", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2379" - }, - { - "name" : "mambo-comments-xss(29708)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/29708" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Mambo 4.6.x allow remote attackers to inject arbitrary web script or HTML via (1) the query string to (a) index.php, which reflects the string in an error message from mod_login.php; and the (2) mcname parameter to (b) moscomment.php and (c) com_comment.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20061020 [KAPDA::#60] Mambo V4.6.x vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/449305/100/0/threaded" + }, + { + "name": "2379", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2379" + }, + { + "name": "mambo-comments-xss(29708)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29708" + }, + { + "name": "20650", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20650" + }, + { + "name": "http://www.kapda.ir/advisory-444.html", + "refsource": "MISC", + "url": "http://www.kapda.ir/advisory-444.html" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2083.json b/2010/2xxx/CVE-2010-2083.json index e326043c9b1..0e11daf0084 100644 --- a/2010/2xxx/CVE-2010-2083.json +++ b/2010/2xxx/CVE-2010-2083.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2083", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Dynamics GP has a default value of ACCESS for the system password, which might make it easier for remote authenticated users to bypass intended access restrictions via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2083", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.christopherkois.com/?p=448", - "refsource" : "MISC", - "url" : "http://www.christopherkois.com/?p=448" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Dynamics GP has a default value of ACCESS for the system password, which might make it easier for remote authenticated users to bypass intended access restrictions via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.christopherkois.com/?p=448", + "refsource": "MISC", + "url": "http://www.christopherkois.com/?p=448" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2436.json b/2010/2xxx/CVE-2010-2436.json index 214f013abb3..17769a5cc46 100644 --- a/2010/2xxx/CVE-2010-2436.json +++ b/2010/2xxx/CVE-2010-2436.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2436", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in modules/blog/index.php in AneCMS Blog 1.3 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the PATH_INFO." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2436", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100611 SQL injection vulnerability in AneCMS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/511812/100/0/threaded" - }, - { - "name" : "http://www.htbridge.ch/advisory/sql_injection_vulnerability_in_anecms.html", - "refsource" : "MISC", - "url" : "http://www.htbridge.ch/advisory/sql_injection_vulnerability_in_anecms.html" - }, - { - "name" : "40840", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/40840" - }, - { - "name" : "anecms-index-sql-injection(59436)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/59436" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "SQL injection vulnerability in modules/blog/index.php in AneCMS Blog 1.3 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the PATH_INFO." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "40840", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/40840" + }, + { + "name": "20100611 SQL injection vulnerability in AneCMS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/511812/100/0/threaded" + }, + { + "name": "anecms-index-sql-injection(59436)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59436" + }, + { + "name": "http://www.htbridge.ch/advisory/sql_injection_vulnerability_in_anecms.html", + "refsource": "MISC", + "url": "http://www.htbridge.ch/advisory/sql_injection_vulnerability_in_anecms.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0463.json b/2011/0xxx/CVE-2011-0463.json index 626ab633434..3f234b635db 100644 --- a/2011/0xxx/CVE-2011-0463.json +++ b/2011/0xxx/CVE-2011-0463.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0463", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ocfs2_prepare_page_for_write function in fs/ocfs2/aops.c in the Oracle Cluster File System 2 (OCFS2) subsystem in the Linux kernel before 2.6.39-rc1 does not properly handle holes that cross page boundaries, which allows local users to obtain potentially sensitive information from uninitialized disk locations by reading a file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0463", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[ocfs2-devel] 20110217 [PATCH] Treat writes as new when holes span across page boundaries", - "refsource" : "MLIST", - "url" : "http://oss.oracle.com/pipermail/ocfs2-devel/2011-February/007846.html" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=272b62c1f0f6f742046e45b50b6fec98860208a0", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=272b62c1f0f6f742046e45b50b6fec98860208a0" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.39-rc1", - 
"refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.39-rc1" - }, - { - "name" : "https://bugzilla.novell.com/show_bug.cgi?id=673037", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.novell.com/show_bug.cgi?id=673037" - }, - { - "name" : "USN-1146-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1146-1" - }, - { - "name" : "43966", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43966" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ocfs2_prepare_page_for_write function in fs/ocfs2/aops.c in the Oracle Cluster File System 2 (OCFS2) subsystem in the Linux kernel before 2.6.39-rc1 does not properly handle holes that cross page boundaries, which allows local users to obtain potentially sensitive information from uninitialized disk locations by reading a file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-1146-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1146-1" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=272b62c1f0f6f742046e45b50b6fec98860208a0", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=272b62c1f0f6f742046e45b50b6fec98860208a0" + }, + { + "name": "43966", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43966" + }, + { + "name": "https://bugzilla.novell.com/show_bug.cgi?id=673037", + "refsource": "CONFIRM", + "url": "https://bugzilla.novell.com/show_bug.cgi?id=673037" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.39-rc1", + "refsource": "CONFIRM", + "url": 
"http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.39-rc1" + }, + { + "name": "[ocfs2-devel] 20110217 [PATCH] Treat writes as new when holes span across page boundaries", + "refsource": "MLIST", + "url": "http://oss.oracle.com/pipermail/ocfs2-devel/2011-February/007846.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0854.json b/2011/0xxx/CVE-2011-0854.json index 0d5a1711b9e..23ea0e2c335 100644 --- a/2011/0xxx/CVE-2011-0854.json +++ b/2011/0xxx/CVE-2011-0854.json 
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2011-0854",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Unspecified vulnerability in Oracle PeopleSoft Enterprise HRMS 9.1 Bundle #5 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to ePerformance."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secalert_us@oracle.com",
+ "ID": "CVE-2011-0854",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html",
- "refsource" : "CONFIRM",
- "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Unspecified vulnerability in Oracle PeopleSoft Enterprise HRMS 9.1 Bundle #5 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to ePerformance."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html",
+ "refsource": "CONFIRM",
+ "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2011/0xxx/CVE-2011-0861.json b/2011/0xxx/CVE-2011-0861.json
index b55e86db117..be0188beb70 100644
--- a/2011/0xxx/CVE-2011-0861.json
+++ b/2011/0xxx/CVE-2011-0861.json
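Review bot: The only data change in this hunk is `"ASSIGNER": "secalert_us@oracle.com"` (previously `cve@mitre.org`), and it is buried in a whole-file re-indent and separator change, so the provenance change cannot be picked out from the formatting churn. A consumer that relies on ASSIGNER for CNA attribution would want that reassignment in its own commit, with a message that names the new assigner rather than the generic subject shown on this page. The rewritten file also ends with `\ No newline at end of file`; the serializer should terminate the closing `}` with a newline. The CVE-2011-0861, CVE-2011-1020, CVE-2011-1540, CVE-2011-1776 and CVE-2011-3360 hunks have the same shape.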
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2011-0861",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Unspecified vulnerability in Oracle PeopleSoft Enterprise HRMS 9.0 Update 2011-B and 9.1 Update 2011-B allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Global Payroll Core."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secalert_us@oracle.com",
+ "ID": "CVE-2011-0861",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html",
- "refsource" : "CONFIRM",
- "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Unspecified vulnerability in Oracle PeopleSoft Enterprise HRMS 9.0 Update 2011-B and 9.1 Update 2011-B allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Global Payroll Core."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html",
+ "refsource": "CONFIRM",
+ "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2011/0xxx/CVE-2011-0978.json b/2011/0xxx/CVE-2011-0978.json
index bbeae01afe0..4f3026f12d5 100644
--- a/2011/0xxx/CVE-2011-0978.json
+++ b/2011/0xxx/CVE-2011-0978.json
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0978", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code via vectors related to an axis properties record, and improper incrementing of an array index, aka \"Excel Array Indexing Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0978", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-microsoft", - "refsource" : "MISC", - "url" : "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-microsoft" - }, - { - "name" : "http://zerodayinitiative.com/advisories/ZDI-11-042/", - "refsource" : "MISC", - "url" : "http://zerodayinitiative.com/advisories/ZDI-11-042/" - }, - { - "name" : "MS11-021", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-021" - }, - { - "name" : "TA11-102A", - 
"refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA11-102A.html" - }, - { - "name" : "oval:org.mitre.oval:def:12439", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12439" - }, - { - "name" : "1025337", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025337" - }, - { - "name" : "43232", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43232" - }, - { - "name" : "39122", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39122" - }, - { - "name" : "8231", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8231" - }, - { - "name" : "ADV-2011-0940", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0940" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code via vectors related to an axis properties record, and improper incrementing of an array index, aka \"Excel Array Indexing Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:12439", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12439" + }, + { + "name": "TA11-102A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html" + }, + { + "name": "39122", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39122" + }, + { + "name": 
"http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-microsoft", + "refsource": "MISC", + "url": "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-microsoft" + }, + { + "name": "43232", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43232" + }, + { + "name": "http://zerodayinitiative.com/advisories/ZDI-11-042/", + "refsource": "MISC", + "url": "http://zerodayinitiative.com/advisories/ZDI-11-042/" + }, + { + "name": "1025337", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025337" + }, + { + "name": "MS11-021", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-021" + }, + { + "name": "8231", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8231" + }, + { + "name": "ADV-2011-0940", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0940" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1020.json b/2011/1xxx/CVE-2011-1020.json index 88f82d1c631..1962a37ebcc 100644 --- a/2011/1xxx/CVE-2011-1020.json +++ b/2011/1xxx/CVE-2011-1020.json 
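Review bot: The `reference_data` array is written out in a different order although the same ten entries are present and ASSIGNER is unchanged, so every reference shows as removed and re-added while no data changed. If the order shifts like this on each synchronisation, an altered or substituted `url` in a later commit would be hard to spot by diff. The generator should emit references in a stable order, for example sorted by `refsource` and then `name`. The CVE-2011-1699 hunk has the same reorder-only shape.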
@@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1020", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The proc filesystem implementation in the Linux kernel 2.6.37 and earlier does not restrict access to the /proc directory tree of a process after this process performs an exec of a setuid program, which allows local users to obtain sensitive information or cause a denial of service via open, lseek, read, and write system calls." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-1020", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110122 Proc filesystem and SUID-Binaries", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2011/Jan/421" - }, - { - "name" : "[linux-kernel] 20110207 Re: [SECURITY] /proc/$pid/ leaks contents across setuid exec", - "refsource" : "MLIST", - "url" : "https://lkml.org/lkml/2011/2/7/414" - }, - { - "name" : "[linux-kernel] 20110207 Re: [SECURITY] /proc/$pid/ leaks contents across setuid exec", - "refsource" : "MLIST", - "url" : "https://lkml.org/lkml/2011/2/7/474" - }, - { - "name" : "[linux-kernel] 20110207 [SECURITY] /proc/$pid/ leaks contents across setuid 
exec", - "refsource" : "MLIST", - "url" : "https://lkml.org/lkml/2011/2/7/368" - }, - { - "name" : "[linux-kernel] 20110208 Re: [SECURITY] /proc/$pid/ leaks contents across setuid exec", - "refsource" : "MLIST", - "url" : "https://lkml.org/lkml/2011/2/7/404" - }, - { - "name" : "[linux-kernel] 20110208 Re: [SECURITY] /proc/$pid/ leaks contents across setuid exec", - "refsource" : "MLIST", - "url" : "https://lkml.org/lkml/2011/2/7/466" - }, - { - "name" : "[linux-kernel] 20110209 Re: [SECURITY] /proc/$pid/ leaks contents across setuid exec", - "refsource" : "MLIST", - "url" : "https://lkml.org/lkml/2011/2/9/417" - }, - { - "name" : "[linux-kernel] 20110209 Re: [SECURITY] /proc/$pid/ leaks contents across setuid exec", - "refsource" : "MLIST", - "url" : "https://lkml.org/lkml/2011/2/10/21" - }, - { - "name" : "[oss-security] 20110224 CVE request: kernel: /proc/$pid/ leaks contents across setuid exec", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/02/24/18" - }, - { - "name" : "[oss-security] 20110225 Re: CVE request: kernel: /proc/$pid/ leaks contents across setuid exec", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/02/25/2" - }, - { - "name" : "http://www.halfdog.net/Security/2011/SuidBinariesAndProcInterface/", - "refsource" : "MISC", - "url" : "http://www.halfdog.net/Security/2011/SuidBinariesAndProcInterface/" - }, - { - "name" : "46567", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46567" - }, - { - "name" : "43496", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43496" - }, - { - "name" : "8107", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8107" - }, - { - "name" : "kernel-procpid-security-bypass(65693)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65693" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "The proc filesystem implementation in the Linux kernel 2.6.37 and earlier does not restrict access to the /proc directory tree of a process after this process performs an exec of a setuid program, which allows local users to obtain sensitive information or cause a denial of service via open, lseek, read, and write system calls." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "kernel-procpid-security-bypass(65693)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65693" + }, + { + "name": "8107", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8107" + }, + { + "name": "43496", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43496" + }, + { + "name": "[oss-security] 20110224 CVE request: kernel: /proc/$pid/ leaks contents across setuid exec", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/02/24/18" + }, + { + "name": "[linux-kernel] 20110208 Re: [SECURITY] /proc/$pid/ leaks contents across setuid exec", + "refsource": "MLIST", + "url": "https://lkml.org/lkml/2011/2/7/466" + }, + { + "name": "[oss-security] 20110225 Re: CVE request: kernel: /proc/$pid/ leaks contents across setuid exec", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/02/25/2" + }, + { + "name": "[linux-kernel] 20110207 Re: [SECURITY] /proc/$pid/ leaks contents across setuid exec", + "refsource": "MLIST", + "url": "https://lkml.org/lkml/2011/2/7/414" + }, + { + "name": "[linux-kernel] 20110209 Re: [SECURITY] /proc/$pid/ leaks contents across setuid exec", + "refsource": "MLIST", + "url": "https://lkml.org/lkml/2011/2/10/21" + }, + { + "name": "46567", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46567" + }, + { + "name": "[linux-kernel] 20110207 
[SECURITY] /proc/$pid/ leaks contents across setuid exec", + "refsource": "MLIST", + "url": "https://lkml.org/lkml/2011/2/7/368" + }, + { + "name": "[linux-kernel] 20110209 Re: [SECURITY] /proc/$pid/ leaks contents across setuid exec", + "refsource": "MLIST", + "url": "https://lkml.org/lkml/2011/2/9/417" + }, + { + "name": "[linux-kernel] 20110207 Re: [SECURITY] /proc/$pid/ leaks contents across setuid exec", + "refsource": "MLIST", + "url": "https://lkml.org/lkml/2011/2/7/474" + }, + { + "name": "[linux-kernel] 20110208 Re: [SECURITY] /proc/$pid/ leaks contents across setuid exec", + "refsource": "MLIST", + "url": "https://lkml.org/lkml/2011/2/7/404" + }, + { + "name": "20110122 Proc filesystem and SUID-Binaries", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2011/Jan/421" + }, + { + "name": "http://www.halfdog.net/Security/2011/SuidBinariesAndProcInterface/", + "refsource": "MISC", + "url": "http://www.halfdog.net/Security/2011/SuidBinariesAndProcInterface/" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1540.json b/2011/1xxx/CVE-2011-1540.json index e946f18aab9..f071a6b1421 100644 --- a/2011/1xxx/CVE-2011-1540.json +++ b/2011/1xxx/CVE-2011-1540.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1540", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in HP System Management Homepage (SMH) before 6.3 allows remote authenticated users to execute arbitrary code via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2011-1540", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMA02662", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=130331363227777&w=2" - }, - { - "name" : "SSRT100409", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=130331363227777&w=2" - }, - { - "name" : "47507", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47507" - }, - { - "name" : "1025414", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025414" - }, - { - "name" : "8233", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8233" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in HP System 
Management Homepage (SMH) before 6.3 allows remote authenticated users to execute arbitrary code via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1025414", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025414" + }, + { + "name": "47507", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47507" + }, + { + "name": "HPSBMA02662", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=130331363227777&w=2" + }, + { + "name": "8233", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8233" + }, + { + "name": "SSRT100409", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=130331363227777&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1699.json b/2011/1xxx/CVE-2011-1699.json index a57083db32d..6322b15c7b6 100644 --- a/2011/1xxx/CVE-2011-1699.json +++ b/2011/1xxx/CVE-2011-1699.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1699", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted uri parameter in a printer-url." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1699", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110606 ZDI-11-172: Novell iPrint nipplib.dll uri Remote Code Execution Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/518266/100/0/threaded" - }, - { - "name" : "http://zerodayinitiative.com/advisories/ZDI-11-172/", - "refsource" : "MISC", - "url" : "http://zerodayinitiative.com/advisories/ZDI-11-172/" - }, - { - "name" : "http://download.novell.com/Download?buildid=6_bNby38ERg~", - "refsource" : "CONFIRM", - "url" : "http://download.novell.com/Download?buildid=6_bNby38ERg~" - }, - { - "name" : "http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7008720", - "refsource" : "CONFIRM", - "url" : 
"http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7008720" - }, - { - "name" : "48124", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/48124" - }, - { - "name" : "1025606", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025606" - }, - { - "name" : "44811", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44811" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted uri parameter in a printer-url." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://zerodayinitiative.com/advisories/ZDI-11-172/", + "refsource": "MISC", + "url": "http://zerodayinitiative.com/advisories/ZDI-11-172/" + }, + { + "name": "1025606", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025606" + }, + { + "name": "http://download.novell.com/Download?buildid=6_bNby38ERg~", + "refsource": "CONFIRM", + "url": "http://download.novell.com/Download?buildid=6_bNby38ERg~" + }, + { + "name": "20110606 ZDI-11-172: Novell iPrint nipplib.dll uri Remote Code Execution Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/518266/100/0/threaded" + }, + { + "name": "44811", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44811" + }, + { + "name": "48124", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/48124" + }, + { + "name": "http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7008720", + "refsource": "CONFIRM", + "url": 
"http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7008720" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1776.json b/2011/1xxx/CVE-2011-1776.json index 6ad83f1b211..7b2a7eacb1e 100644 --- a/2011/1xxx/CVE-2011-1776.json +++ b/2011/1xxx/CVE-2011-1776.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1776", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The is_gpt_valid function in fs/partitions/efi.c in the Linux kernel before 2.6.39 does not check the size of an Extensible Firmware Interface (EFI) GUID Partition Table (GPT) entry, which allows physically proximate attackers to cause a denial of service (heap-based buffer overflow and OOPS) or obtain sensitive information from kernel heap memory by connecting a crafted GPT storage device, a different vulnerability than CVE-2011-1577." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-1776", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110510 Re: CVE request: kernel: validate size of EFI GUID partition entries", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/05/10/4" - }, - { - "name" : "http://www.pre-cert.de/advisories/PRE-SA-2011-04.txt", - "refsource" : "MISC", - "url" : "http://www.pre-cert.de/advisories/PRE-SA-2011-04.txt" - }, - { - "name" : 
"http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=fa039d5f6b126fbd65eefa05db2f67e44df8f121", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=fa039d5f6b126fbd65eefa05db2f67e44df8f121" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=703026", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=703026" - }, - { - "name" : "RHSA-2011:0927", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2011-0927.html" - }, - { - "name" : "47796", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47796" - }, - { - "name" : "8369", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8369" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The is_gpt_valid function in fs/partitions/efi.c in the Linux kernel before 2.6.39 does not check the size of an Extensible Firmware Interface (EFI) GUID Partition Table (GPT) entry, which allows physically proximate attackers to cause a denial of service (heap-based buffer overflow and OOPS) or obtain sensitive information from kernel heap memory by connecting a crafted GPT storage device, a different vulnerability than CVE-2011-1577." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2011:0927", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2011-0927.html" + }, + { + "name": "[oss-security] 20110510 Re: CVE request: kernel: validate size of EFI GUID partition entries", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/05/10/4" + }, + { + "name": "8369", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8369" + }, + { + "name": "47796", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47796" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=fa039d5f6b126fbd65eefa05db2f67e44df8f121", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=fa039d5f6b126fbd65eefa05db2f67e44df8f121" + }, + { + "name": "http://www.pre-cert.de/advisories/PRE-SA-2011-04.txt", + "refsource": "MISC", + "url": "http://www.pre-cert.de/advisories/PRE-SA-2011-04.txt" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=703026", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=703026" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3360.json b/2011/3xxx/CVE-2011-3360.json index 5dcdf1e8443..4cdea6d162b 100644 --- a/2011/3xxx/CVE-2011-3360.json +++ b/2011/3xxx/CVE-2011-3360.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3360", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in Wireshark 1.4.x before 1.4.9 and 1.6.x before 1.6.2 allows local users to gain privileges via a Trojan horse Lua script in an unspecified directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-3360", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110913 CVE Request: Multiple issues fixed in wireshark 1.6.2", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/09/13/1" - }, - { - "name" : "[oss-security] 20110914 Re: CVE Request: Multiple issues fixed in wireshark 1.6.2", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/09/14/5" - }, - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2011-15.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2011-15.html" - }, - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6136", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6136" - }, - { - 
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=737784", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=737784" - }, - { - "name" : "DSA-2324", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2011/dsa-2324" - }, - { - "name" : "MDVSA-2011:138", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:138" - }, - { - "name" : "75347", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/75347" - }, - { - "name" : "oval:org.mitre.oval:def:15059", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15059" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in Wireshark 1.4.x before 1.4.9 and 1.6.x before 1.6.2 allows local users to gain privileges via a Trojan horse Lua script in an unspecified directory." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-2324", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2011/dsa-2324" + }, + { + "name": "[oss-security] 20110914 Re: CVE Request: Multiple issues fixed in wireshark 1.6.2", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/09/14/5" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=737784", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=737784" + }, + { + "name": "75347", + "refsource": "OSVDB", + "url": "http://osvdb.org/75347" + }, + { + "name": "MDVSA-2011:138", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:138" + }, + { + "name": "http://www.wireshark.org/security/wnpa-sec-2011-15.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2011-15.html" + }, + { + "name": "oval:org.mitre.oval:def:15059", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15059" + }, + { + "name": "[oss-security] 20110913 CVE Request: Multiple issues fixed in wireshark 1.6.2", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/09/13/1" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6136", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6136" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3479.json b/2011/3xxx/CVE-2011-3479.json index f34aa032e01..d51cc25f0c4 100644 --- a/2011/3xxx/CVE-2011-3479.json +++ b/2011/3xxx/CVE-2011-3479.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3479", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Symantec pcAnywhere 12.5.x through 12.5.3, and IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), uses world-writable permissions for product-installation files, which allows local users to gain privileges by modifying a file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3479", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120124_00", - "refsource" : "CONFIRM", - "url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120124_00" - }, - { - "name" : "51593", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51593" - }, - { - "name" : "48092", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48092" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { 
+ "lang": "eng", + "value": "Symantec pcAnywhere 12.5.x through 12.5.3, and IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), uses world-writable permissions for product-installation files, which allows local users to gain privileges by modifying a file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120124_00", + "refsource": "CONFIRM", + "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120124_00" + }, + { + "name": "48092", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48092" + }, + { + "name": "51593", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51593" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4170.json b/2011/4xxx/CVE-2011-4170.json index d4dac1336ea..89ef5bcefc9 100644 --- a/2011/4xxx/CVE-2011-4170.json +++ b/2011/4xxx/CVE-2011-4170.json 
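Review bot: The CVE-2011-3479.json hunk rewrites all 72 lines although the record's content is unchanged: only the `" : "` key spacing and the indentation differ, the BID 51593 and SECUNIA 48092 entries in `reference_data` swap places, and the new file ends without a trailing newline. The hunks for CVE-2011-4971, CVE-2013-5045, CVE-2014-2160 and CVE-2014-2426 use the same whole-file rewrite, where it buries the one semantic edit: `"ASSIGNER"` moving from `cve@mitre.org` to a CNA address such as `secalert@redhat.com`. I would keep the formatting pass separate from data changes, preserve the existing `reference_data` order, and end each file with a newline after the closing `}`. A change to a provenance field would then stand out in review and in downstream record diffs.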
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4170", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the theme_adium_append_message function in empathy-theme-adium.c in the Adium theme in libempathy-gtk in Empathy 3.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted alias (aka nickname) in a /me event, a different vulnerability than CVE-2011-3635." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4170", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.gnome.org/show_bug.cgi?id=662035", - "refsource" : "MISC", - "url" : "https://bugzilla.gnome.org/show_bug.cgi?id=662035" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the theme_adium_append_message function in empathy-theme-adium.c in the Adium theme in libempathy-gtk in Empathy 3.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted alias (aka nickname) in a /me 
event, a different vulnerability than CVE-2011-3635." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.gnome.org/show_bug.cgi?id=662035", + "refsource": "MISC", + "url": "https://bugzilla.gnome.org/show_bug.cgi?id=662035" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4702.json b/2011/4xxx/CVE-2011-4702.json index 5a5df1dd10a..f4392f697e1 100644 --- a/2011/4xxx/CVE-2011-4702.json +++ b/2011/4xxx/CVE-2011-4702.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4702", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Nimbuzz (com.nimbuzz) application 2.0.8 and 2.0.10 for Android does not properly protect data, which allows remote attackers to read or modify a contact list via a crafted application." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4702", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2011-4702-vulnerability-in-Nimbuzz.html", - "refsource" : "MISC", - "url" : "http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2011-4702-vulnerability-in-Nimbuzz.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Nimbuzz (com.nimbuzz) application 2.0.8 and 2.0.10 for Android does not properly protect data, which allows remote attackers to read or modify a contact list via a crafted application." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2011-4702-vulnerability-in-Nimbuzz.html", + "refsource": "MISC", + "url": "http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2011-4702-vulnerability-in-Nimbuzz.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4719.json b/2011/4xxx/CVE-2011-4719.json index e076e49d24a..027b0763e1e 100644 --- a/2011/4xxx/CVE-2011-4719.json +++ b/2011/4xxx/CVE-2011-4719.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4719", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in Google Chrome before 16.0.912.63 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4719", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2011/12/beta-channel-update-for-chromebooks.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2011/12/beta-channel-update-for-chromebooks.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in Google Chrome before 16.0.912.63 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://googlechromereleases.blogspot.com/2011/12/beta-channel-update-for-chromebooks.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2011/12/beta-channel-update-for-chromebooks.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4801.json b/2011/4xxx/CVE-2011-4801.json index 1dbb6243a0b..2713a630326 100644 --- a/2011/4xxx/CVE-2011-4801.json +++ b/2011/4xxx/CVE-2011-4801.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4801", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in akeyActivationLogin.do in Authenex Web Management Control in Authenex Strong Authentication System (ASAS) Server 3.1.0.2 and 3.1.0.3 allows remote attackers to execute arbitrary SQL commands via the username parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4801", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "18117", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18117" - }, - { - "name" : "http://www.foregroundsecurity.com/security-advisories/101-authenex-a-keyasas-web-management-control-3102-time-based-sql-injection", - "refsource" : "MISC", - "url" : "http://www.foregroundsecurity.com/security-advisories/101-authenex-a-keyasas-web-management-control-3102-time-based-sql-injection" - }, - { - "name" : "https://support.authenex.com/index.php?/Knowledgebase/Article/View/124/0/asas3103update2", - "refsource" : "CONFIRM", - "url" : "https://support.authenex.com/index.php?/Knowledgebase/Article/View/124/0/asas3103update2" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in akeyActivationLogin.do in Authenex Web Management Control in Authenex Strong Authentication System (ASAS) Server 3.1.0.2 and 3.1.0.3 allows remote attackers to execute arbitrary SQL commands via the username parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18117", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18117" + }, + { + "name": "https://support.authenex.com/index.php?/Knowledgebase/Article/View/124/0/asas3103update2", + "refsource": "CONFIRM", + "url": "https://support.authenex.com/index.php?/Knowledgebase/Article/View/124/0/asas3103update2" + }, + { + "name": "http://www.foregroundsecurity.com/security-advisories/101-authenex-a-keyasas-web-management-control-3102-time-based-sql-injection", + "refsource": "MISC", + "url": "http://www.foregroundsecurity.com/security-advisories/101-authenex-a-keyasas-web-management-control-3102-time-based-sql-injection" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4971.json b/2011/4xxx/CVE-2011-4971.json index 9c575f5aa57..aaa237479fd 100644 --- a/2011/4xxx/CVE-2011-4971.json +++ b/2011/4xxx/CVE-2011-4971.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4971", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple integer signedness errors in the (1) process_bin_sasl_auth, (2) process_bin_complete_sasl_auth, (3) process_bin_update, and (4) process_bin_append_prepend functions in Memcached 1.4.5 and earlier allow remote attackers to cause a denial of service (crash) via a large body length value in a packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-4971", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://insecurety.net/?p=872", - "refsource" : "MISC", - "url" : "http://insecurety.net/?p=872" - }, - { - "name" : "https://code.google.com/p/memcached/issues/detail?id=192", - "refsource" : "MISC", - "url" : "https://code.google.com/p/memcached/issues/detail?id=192" - }, - { - "name" : "https://puppet.com/security/cve/cve-2011-4971", - "refsource" : "CONFIRM", - "url" : "https://puppet.com/security/cve/cve-2011-4971" - }, - { - "name" : "DSA-2832", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2832" - }, - { - "name" : "MDVSA-2013:280", - "refsource" : "MANDRIVA", - "url" : 
"http://www.mandriva.com/security/advisories?name=MDVSA-2013:280" - }, - { - "name" : "USN-2080-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2080-1" - }, - { - "name" : "59567", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/59567" - }, - { - "name" : "56183", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56183" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple integer signedness errors in the (1) process_bin_sasl_auth, (2) process_bin_complete_sasl_auth, (3) process_bin_update, and (4) process_bin_append_prepend functions in Memcached 1.4.5 and earlier allow remote attackers to cause a denial of service (crash) via a large body length value in a packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://insecurety.net/?p=872", + "refsource": "MISC", + "url": "http://insecurety.net/?p=872" + }, + { + "name": "MDVSA-2013:280", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:280" + }, + { + "name": "https://code.google.com/p/memcached/issues/detail?id=192", + "refsource": "MISC", + "url": "https://code.google.com/p/memcached/issues/detail?id=192" + }, + { + "name": "USN-2080-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2080-1" + }, + { + "name": "59567", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/59567" + }, + { + "name": "https://puppet.com/security/cve/cve-2011-4971", + "refsource": "CONFIRM", + "url": "https://puppet.com/security/cve/cve-2011-4971" + }, + { + "name": "DSA-2832", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2832" + }, + { + "name": "56183", + "refsource": "SECUNIA", + "url": 
"http://secunia.com/advisories/56183" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5045.json b/2013/5xxx/CVE-2013-5045.json index 91f76dbd618..1d0f3a21f92 100644 --- a/2013/5xxx/CVE-2013-5045.json +++ b/2013/5xxx/CVE-2013-5045.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5045", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 10 and 11 allows local users to bypass the Protected Mode protection mechanism, and consequently gain privileges, by leveraging the ability to execute sandboxed code, aka \"Internet Explorer Elevation of Privilege Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2013-5045", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "33893", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/33893" - }, - { - "name" : "http://packetstormsecurity.com/files/127245/MS13-097-Registry-Symlink-IE-Sandbox-Escape.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/127245/MS13-097-Registry-Symlink-IE-Sandbox-Escape.html" - }, - { - "name" : "MS13-097", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-097" - }, - { - "name" : "100757", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/100757" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 10 and 11 allows local users to bypass the Protected Mode protection mechanism, and consequently gain privileges, by leveraging the ability to execute sandboxed code, aka \"Internet Explorer Elevation of Privilege Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "100757", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/100757" + }, + { + "name": "33893", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/33893" + }, + { + "name": "MS13-097", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-097" + }, + { + "name": "http://packetstormsecurity.com/files/127245/MS13-097-Registry-Symlink-IE-Sandbox-Escape.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/127245/MS13-097-Registry-Symlink-IE-Sandbox-Escape.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2160.json b/2014/2xxx/CVE-2014-2160.json index 53e42dd25c5..5d9e3d7d548 100644 --- a/2014/2xxx/CVE-2014-2160.json +++ b/2014/2xxx/CVE-2014-2160.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2160", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The H.225 subsystem in Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted packets, aka Bug ID CSCty45745." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-2160", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140430 Multiple Vulnerabilities in Cisco TelePresence System MXP Series", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-mxp" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The H.225 subsystem in Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted packets, aka Bug ID CSCty45745." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20140430 Multiple Vulnerabilities in Cisco TelePresence System MXP Series", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-mxp" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2426.json b/2014/2xxx/CVE-2014-2426.json index 284f1cda6a7..7afcc008d7c 100644 --- a/2014/2xxx/CVE-2014-2426.json +++ b/2014/2xxx/CVE-2014-2426.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2426", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle OpenSSO component in Oracle Fusion Middleware 8.0 Update 2 Patch 5 allows remote authenticated users to affect integrity and availability via unknown vectors related to Admin Console." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-2426", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle OpenSSO component in Oracle Fusion Middleware 8.0 Update 2 Patch 5 allows remote authenticated users to affect integrity and availability via unknown vectors related to Admin Console." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2525.json b/2014/2xxx/CVE-2014-2525.json index 13fa877260d..63bda5fc51e 100644 --- a/2014/2xxx/CVE-2014-2525.json +++ b/2014/2xxx/CVE-2014-2525.json 
@@ -1,167 +1,167 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2525", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2525", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ocert.org/advisories/ocert-2014-003.html", - "refsource" : "MISC", - "url" : "http://www.ocert.org/advisories/ocert-2014-003.html" - }, - { - "name" : "https://bitbucket.org/xi/libyaml/commits/bce8b60f0b9af69fa9fab3093d0a41ba243de048", - "refsource" : "CONFIRM", - "url" : "https://bitbucket.org/xi/libyaml/commits/bce8b60f0b9af69fa9fab3093d0a41ba243de048" - }, - { - "name" : "http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/", - "refsource" : "CONFIRM", - "url" : "http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/" - }, - { - "name" : "http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/", - "refsource" : "CONFIRM", - "url" 
: "http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/" - }, - { - "name" : "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/", - "refsource" : "CONFIRM", - "url" : "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/" - }, - { - "name" : "http://support.apple.com/kb/HT6443", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT6443" - }, - { - "name" : "http://advisories.mageia.org/MGASA-2014-0150.html", - "refsource" : "CONFIRM", - "url" : "http://advisories.mageia.org/MGASA-2014-0150.html" - }, - { - "name" : "https://puppet.com/security/cve/cve-2014-2525", - "refsource" : "CONFIRM", - "url" : "https://puppet.com/security/cve/cve-2014-2525" - }, - { - "name" : "DSA-2884", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2884" - }, - { - "name" : "DSA-2885", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2885" - }, - { - "name" : "MDVSA-2015:060", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:060" - }, - { - "name" : "RHSA-2014:0353", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0353.html" - }, - { - "name" : "RHSA-2014:0354", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0354.html" - }, - { - "name" : "RHSA-2014:0355", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0355.html" - }, - { - "name" : "openSUSE-SU-2014:0500", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-04/msg00022.html" - }, - { - "name" : "openSUSE-SU-2015:0319", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html" - }, - { - "name" : "openSUSE-SU-2016:1067", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html" - }, - { - "name" : "USN-2160-1", - "refsource" : "UBUNTU", - "url" : 
"http://www.ubuntu.com/usn/USN-2160-1" - }, - { - "name" : "66478", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/66478" - }, - { - "name" : "57836", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57836" - }, - { - "name" : "57966", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57966" - }, - { - "name" : "57968", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57968" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "66478", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/66478" + }, + { + "name": "57836", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57836" + }, + { + "name": "https://puppet.com/security/cve/cve-2014-2525", + "refsource": "CONFIRM", + "url": "https://puppet.com/security/cve/cve-2014-2525" + }, + { + "name": "MDVSA-2015:060", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:060" + }, + { + "name": "http://www.ocert.org/advisories/ocert-2014-003.html", + "refsource": "MISC", + "url": "http://www.ocert.org/advisories/ocert-2014-003.html" + }, + { + "name": "DSA-2885", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2885" + }, + { + "name": "USN-2160-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2160-1" + }, + { + "name": "openSUSE-SU-2015:0319", + "refsource": "SUSE", + "url": 
"http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html" + }, + { + "name": "RHSA-2014:0355", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0355.html" + }, + { + "name": "DSA-2884", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2884" + }, + { + "name": "RHSA-2014:0354", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0354.html" + }, + { + "name": "http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/", + "refsource": "CONFIRM", + "url": "http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/" + }, + { + "name": "https://bitbucket.org/xi/libyaml/commits/bce8b60f0b9af69fa9fab3093d0a41ba243de048", + "refsource": "CONFIRM", + "url": "https://bitbucket.org/xi/libyaml/commits/bce8b60f0b9af69fa9fab3093d0a41ba243de048" + }, + { + "name": "http://advisories.mageia.org/MGASA-2014-0150.html", + "refsource": "CONFIRM", + "url": "http://advisories.mageia.org/MGASA-2014-0150.html" + }, + { + "name": "openSUSE-SU-2014:0500", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-04/msg00022.html" + }, + { + "name": "http://support.apple.com/kb/HT6443", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT6443" + }, + { + "name": "openSUSE-SU-2016:1067", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html" + }, + { + "name": "RHSA-2014:0353", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0353.html" + }, + { + "name": "57968", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57968" + }, + { + "name": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/", + "refsource": "CONFIRM", + "url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/" + }, + { + "name": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/", + "refsource": "CONFIRM", + "url": 
"http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/" + }, + { + "name": "57966", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57966" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2736.json b/2014/2xxx/CVE-2014-2736.json index 0600388447f..f74952ac8d9 100644 --- a/2014/2xxx/CVE-2014-2736.json +++ b/2014/2xxx/CVE-2014-2736.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2736", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in MODX Revolution before 2.2.14 allow remote attackers to execute arbitrary SQL commands via the (1) session ID (PHPSESSID) to index.php or remote authenticated users to execute arbitrary SQL commands via the (2) user parameter to connectors/security/message.php or (3) id parameter to manager/index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2736", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140419 Multiple Vulnerabilities in MODX Revolution < = MODX 2.2.13-pl", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-04/0124.html" - }, - { - "name" : "http://forums.modx.com/thread/90173/modx-revolution-2-2-13-and-prior-blind-sql-injection", - "refsource" : "CONFIRM", - "url" : "http://forums.modx.com/thread/90173/modx-revolution-2-2-13-and-prior-blind-sql-injection" - }, - { - "name" : "66990", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/66990" - }, - { - "name" : "58036", - "refsource" : "SECUNIA", - 
"url" : "http://secunia.com/advisories/58036" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in MODX Revolution before 2.2.14 allow remote attackers to execute arbitrary SQL commands via the (1) session ID (PHPSESSID) to index.php or remote authenticated users to execute arbitrary SQL commands via the (2) user parameter to connectors/security/message.php or (3) id parameter to manager/index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "66990", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/66990" + }, + { + "name": "58036", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/58036" + }, + { + "name": "20140419 Multiple Vulnerabilities in MODX Revolution < = MODX 2.2.13-pl", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0124.html" + }, + { + "name": "http://forums.modx.com/thread/90173/modx-revolution-2-2-13-and-prior-blind-sql-injection", + "refsource": "CONFIRM", + "url": "http://forums.modx.com/thread/90173/modx-revolution-2-2-13-and-prior-blind-sql-injection" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2993.json b/2014/2xxx/CVE-2014-2993.json index 6a06e8ba107..f9b0dc03209 100644 --- a/2014/2xxx/CVE-2014-2993.json +++ b/2014/2xxx/CVE-2014-2993.json 
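Review bot: The new side of CVE-2014-2736.json ends with `\ No newline at end of file`, whereas the old side ended with a newline. The generator should write a final newline so that later syncs and line-oriented tools do not report a spurious change on the last line. The hunk also reorders `reference_data` (BID and SECUNIA now precede BUGTRAQ and CONFIRM) in the same pass as the re-indent, so the whole file shows as rewritten although no value appears to differ. Emitting the references in a stable order would keep future syncs reviewable. The same pattern repeats in the other file sections visible in this commit.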
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2993", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Birebin.com application for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2993", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140424 Birebin.com Android App SSL certificate validation weakness", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-04/0153.html" - }, - { - "name" : "http://sceptive.com/p/birebincom-android-app-ssl-certificate-validation-weakness-", - "refsource" : "MISC", - "url" : "http://sceptive.com/p/birebincom-android-app-ssl-certificate-validation-weakness-" - }, - { - "name" : "67524", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67524" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Birebin.com application for Android 
does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20140424 Birebin.com Android App SSL certificate validation weakness", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0153.html" + }, + { + "name": "http://sceptive.com/p/birebincom-android-app-ssl-certificate-validation-weakness-", + "refsource": "MISC", + "url": "http://sceptive.com/p/birebincom-android-app-ssl-certificate-validation-weakness-" + }, + { + "name": "67524", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67524" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3193.json b/2014/3xxx/CVE-2014-3193.json index 018221440b9..614bf06c7f1 100644 --- a/2014/3xxx/CVE-2014-3193.json +++ b/2014/3xxx/CVE-2014-3193.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3193", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SessionService::GetLastSession function in browser/sessions/session_service.cc in Google Chrome before 38.0.2125.101 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors that leverage \"type confusion\" for callback processing." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2014-3193", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html" - }, - { - "name" : "https://codereview.chromium.org/500143002/", - "refsource" : "CONFIRM", - "url" : "https://codereview.chromium.org/500143002/" - }, - { - "name" : "https://crbug.com/399655", - "refsource" : "CONFIRM", - "url" : "https://crbug.com/399655" - }, - { - "name" : "RHSA-2014:1626", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1626.html" - }, - { - "name" : "70273", - 
"refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70273" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SessionService::GetLastSession function in browser/sessions/session_service.cc in Google Chrome before 38.0.2125.101 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors that leverage \"type confusion\" for callback processing." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2014:1626", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1626.html" + }, + { + "name": "https://crbug.com/399655", + "refsource": "CONFIRM", + "url": "https://crbug.com/399655" + }, + { + "name": "70273", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70273" + }, + { + "name": "http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html" + }, + { + "name": "https://codereview.chromium.org/500143002/", + "refsource": "CONFIRM", + "url": "https://codereview.chromium.org/500143002/" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3638.json b/2014/3xxx/CVE-2014-3638.json index de62edcc0ea..65387ea7e27 100644 --- a/2014/3xxx/CVE-2014-3638.json +++ b/2014/3xxx/CVE-2014-3638.json 
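Review bot: The `ASSIGNER` value changes from `cve@mitre.org` to `security@google.com` in this hunk, and it appears to be the only field whose value differs. It is buried under the re-indent and the `reference_data` reorder, and the subject line "-Synchronized-Data." does not mention it. Consumers that attribute or filter records by `ASSIGNER` will see these entries move to a different source, so the change deserves its own commit or at least a message line such as `Update ASSIGNER to the assigning CNA address`. The same applies to the hunks for CVE-2014-3638, CVE-2014-6129, CVE-2014-6321, CVE-2014-6591 and CVE-2014-7518.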
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3638", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The bus_connections_check_reply function in config-parser.c in D-Bus before 1.6.24 and 1.8.x before 1.8.8 allows local users to cause a denial of service (CPU consumption) via a large number of method calls." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2014-3638", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140916 CVE-2014-3635 to 3639: security issues in D-Bus < 1.8.8", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/09/16/9" - }, - { - "name" : "https://bugs.freedesktop.org/show_bug.cgi?id=81053", - "refsource" : "CONFIRM", - "url" : "https://bugs.freedesktop.org/show_bug.cgi?id=81053" - }, - { - "name" : "http://advisories.mageia.org/MGASA-2014-0395.html", - "refsource" : "CONFIRM", - "url" : "http://advisories.mageia.org/MGASA-2014-0395.html" - }, - { - "name" : "DSA-3026", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-3026" - }, - { - "name" : "MDVSA-2015:176", - "refsource" : "MANDRIVA", - "url" : 
"http://www.mandriva.com/security/advisories?name=MDVSA-2015:176" - }, - { - "name" : "SUSE-SU-2014:1146", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00026.html" - }, - { - "name" : "openSUSE-SU-2014:1239", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html" - }, - { - "name" : "USN-2352-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2352-1" - }, - { - "name" : "1030864", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030864" - }, - { - "name" : "61378", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61378" - }, - { - "name" : "61431", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61431" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The bus_connections_check_reply function in config-parser.c in D-Bus before 1.6.24 and 1.8.x before 1.8.8 allows local users to cause a denial of service (CPU consumption) via a large number of method calls." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-2352-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2352-1" + }, + { + "name": "openSUSE-SU-2014:1239", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00049.html" + }, + { + "name": "SUSE-SU-2014:1146", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00026.html" + }, + { + "name": "61378", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61378" + }, + { + "name": "[oss-security] 20140916 CVE-2014-3635 to 3639: security issues in D-Bus < 1.8.8", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/09/16/9" + }, + { + "name": "1030864", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030864" + }, + { + "name": "61431", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61431" + }, + { + "name": "https://bugs.freedesktop.org/show_bug.cgi?id=81053", + "refsource": "CONFIRM", + "url": "https://bugs.freedesktop.org/show_bug.cgi?id=81053" + }, + { + "name": "http://advisories.mageia.org/MGASA-2014-0395.html", + "refsource": "CONFIRM", + "url": "http://advisories.mageia.org/MGASA-2014-0395.html" + }, + { + "name": "DSA-3026", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-3026" + }, + { + "name": "MDVSA-2015:176", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:176" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6129.json b/2014/6xxx/CVE-2014-6129.json index 6fad9b73cf1..a4c4157a225 100644 --- a/2014/6xxx/CVE-2014-6129.json +++ b/2014/6xxx/CVE-2014-6129.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6129", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Rational Jazz Team Server (JTS), as used in Rational Collaborative Lifecycle Management 3.x and 4.x before 4.0.7 iFix4 and 5.x before 5.0.2 iFix2; Rational Quality Manager 2.x and 3.x before 3.0.1.6 iFix5, 4.x before 4.0.7 iFix4, and 5.x before 5.0.2 iFix2; Rational Team Concert 2.x and 3.x before 3.0.1.6 iFix5, 4.x before 4.0.7 iFix4, and 5.x before 5.0.2 iFix2; Rational DOORS Next Generation 4.x before 4.0.7 iFix4 and 5.x before 5.0.2 iFix2; Rational Requirements Composer 2.x and 3.x before 3.0.1.6 iFix5; and other products, allows remote authenticated users to delete the dashboards of arbitrary users via unspecified vectors." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-6129", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21698247", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21698247" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Rational Jazz Team Server (JTS), as used in Rational Collaborative Lifecycle Management 3.x and 4.x before 4.0.7 iFix4 and 5.x before 5.0.2 iFix2; Rational Quality Manager 2.x and 3.x before 3.0.1.6 iFix5, 4.x before 4.0.7 iFix4, and 5.x before 5.0.2 iFix2; Rational Team Concert 2.x and 3.x before 3.0.1.6 iFix5, 4.x before 4.0.7 iFix4, and 5.x before 5.0.2 iFix2; Rational DOORS Next Generation 4.x before 4.0.7 iFix4 and 5.x before 5.0.2 iFix2; Rational Requirements Composer 2.x and 3.x before 3.0.1.6 iFix5; and other products, allows remote authenticated users to delete the dashboards of arbitrary users via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21698247", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698247" + } + ] + } +} \ No newline at end of file 
diff --git a/2014/6xxx/CVE-2014-6321.json b/2014/6xxx/CVE-2014-6321.json
index 94798245173..1e9ee42f343 100644
--- a/2014/6xxx/CVE-2014-6321.json
+++ b/2014/6xxx/CVE-2014-6321.json
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6321", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Schannel in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via crafted packets, aka \"Microsoft Schannel Remote Code Execution Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-6321", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blog.beyondtrust.com/triggering-ms14-066", - "refsource" : "MISC", - "url" : "http://blog.beyondtrust.com/triggering-ms14-066" - }, - { - "name" : "http://www.securitysift.com/exploiting-ms14-066-cve-2014-6321-aka-winshock/", - "refsource" : "MISC", - "url" : "http://www.securitysift.com/exploiting-ms14-066-cve-2014-6321-aka-winshock/" - }, - { - "name" : "HPSBGN03258", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142384364031268&w=2" - }, - { - "name" : "SSRT101856", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142384364031268&w=2" 
- }, - { - "name" : "MS14-066", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-066" - }, - { - "name" : "TA14-318A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/ncas/alerts/TA14-318A" - }, - { - "name" : "VU#505120", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/505120" - }, - { - "name" : "70954", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70954" - }, - { - "name" : "59800", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59800" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Schannel in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via crafted packets, aka \"Microsoft Schannel Remote Code Execution Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA14-318A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/ncas/alerts/TA14-318A" + }, + { + "name": "http://blog.beyondtrust.com/triggering-ms14-066", + "refsource": "MISC", + "url": "http://blog.beyondtrust.com/triggering-ms14-066" + }, + { + "name": "59800", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59800" + }, + { + "name": "SSRT101856", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142384364031268&w=2" + }, + { + "name": "70954", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70954" + }, + { + "name": "HPSBGN03258", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142384364031268&w=2" + }, + { + "name": "MS14-066", + 
"refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-066" + }, + { + "name": "http://www.securitysift.com/exploiting-ms14-066-cve-2014-6321-aka-winshock/", + "refsource": "MISC", + "url": "http://www.securitysift.com/exploiting-ms14-066-cve-2014-6321-aka-winshock/" + }, + { + "name": "VU#505120", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/505120" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6591.json b/2014/6xxx/CVE-2014-6591.json index 37754db7525..e5365d88687 100644 --- a/2014/6xxx/CVE-2014-6591.json +++ b/2014/6xxx/CVE-2014-6591.json 
@@ -1,187 +1,187 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6591", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Java SE component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to 2D, a different vulnerability than CVE-2014-6585." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2014-6591", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" - }, - { - "name" : "https://www-304.ibm.com/support/docview.wss?uid=swg21695474", - "refsource" : "CONFIRM", - "url" : "https://www-304.ibm.com/support/docview.wss?uid=swg21695474" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2015-0003.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2015-0003.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", - "refsource" : "CONFIRM", - 
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" - }, - { - "name" : "DSA-3144", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3144" - }, - { - "name" : "DSA-3147", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3147" - }, - { - "name" : "GLSA-201603-14", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201603-14" - }, - { - "name" : "GLSA-201507-14", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201507-14" - }, - { - "name" : "HPSBUX03273", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142496355704097&w=2" - }, - { - "name" : "SSRT101951", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142496355704097&w=2" - }, - { - "name" : "HPSBUX03281", - "refsource" : "HP", - "url" : "http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581" - }, - { - "name" : "SSRT101968", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=142607790919348&w=2" - }, - { - "name" : "RHSA-2015:0136", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0136.html" - }, - { - "name" : "RHSA-2015:0068", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0068.html" - }, - { - "name" : "RHSA-2015:0079", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0079.html" - }, - { - "name" : "RHSA-2015:0080", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0080.html" - }, - { - "name" : "RHSA-2015:0085", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0085.html" - }, - { - "name" : "RHSA-2015:0086", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0086.html" - }, - { - "name" : "RHSA-2015:0264", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0264.html" - }, - { - "name" : "SUSE-SU-2015:0336", - "refsource" : "SUSE", - 
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00024.html" - }, - { - "name" : "openSUSE-SU-2015:0190", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00001.html" - }, - { - "name" : "SUSE-SU-2015:0503", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00018.html" - }, - { - "name" : "USN-2486-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2486-1" - }, - { - "name" : "USN-2487-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2487-1" - }, - { - "name" : "72175", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72175" - }, - { - "name" : "1031580", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031580" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Java SE component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to 2D, a different vulnerability than CVE-2014-6585." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2015:0503", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00018.html" + }, + { + "name": "DSA-3144", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3144" + }, + { + "name": "RHSA-2015:0136", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0136.html" + }, + { + "name": "RHSA-2015:0079", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0079.html" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2015-0003.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2015-0003.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" + }, + { + "name": "RHSA-2015:0264", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0264.html" + }, + { + "name": "USN-2487-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2487-1" + }, + { + "name": "72175", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72175" + }, + { + "name": "RHSA-2015:0085", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0085.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" + }, + { + "name": "RHSA-2015:0086", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0086.html" + }, + { + "name": "GLSA-201603-14", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201603-14" + }, + { + "name": 
"SUSE-SU-2015:0336", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00024.html" + }, + { + "name": "RHSA-2015:0080", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0080.html" + }, + { + "name": "https://www-304.ibm.com/support/docview.wss?uid=swg21695474", + "refsource": "CONFIRM", + "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21695474" + }, + { + "name": "RHSA-2015:0068", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0068.html" + }, + { + "name": "USN-2486-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2486-1" + }, + { + "name": "GLSA-201507-14", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201507-14" + }, + { + "name": "SSRT101951", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142496355704097&w=2" + }, + { + "name": "HPSBUX03281", + "refsource": "HP", + "url": "http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581" + }, + { + "name": "SSRT101968", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142607790919348&w=2" + }, + { + "name": "openSUSE-SU-2015:0190", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00001.html" + }, + { + "name": "HPSBUX03273", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=142496355704097&w=2" + }, + { + "name": "1031580", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031580" + }, + { + "name": "DSA-3147", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3147" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7518.json b/2014/7xxx/CVE-2014-7518.json index 2caff7fb5ca..b3480c28ab1 100644 --- a/2014/7xxx/CVE-2014-7518.json +++ b/2014/7xxx/CVE-2014-7518.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7518", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Bowl Expo 2014 (aka com.coreapps.android.followme.bowlexpo14) application 6.1.1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7518", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#600097", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/600097" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Bowl Expo 2014 (aka 
com.coreapps.android.followme.bowlexpo14) application 6.1.1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#600097", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/600097" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7544.json b/2014/7xxx/CVE-2014-7544.json index dc94f2ae164..47a72de7a72 100644 --- a/2014/7xxx/CVE-2014-7544.json +++ b/2014/7xxx/CVE-2014-7544.json 
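Review bot: The `"ASSIGNER"` value in this record changes from `cve@mitre.org` to `cert@cert.org`, a provenance change that the commit subject "-Synchronized-Data." does not mention; the remaining edits in the hunk appear to be key spacing, indentation and reordering of `reference_data` entries. The same assigner change is made in the hunks for CVE-2014-7544 and CVE-2014-7546 that follow, while the other records visible here keep their assigner. Downstream consumers that filter, deduplicate or attribute records by assigner will see these entries change owner, so the commit message should state it, for example `Reassign CVE-2014-7518, CVE-2014-7544, CVE-2014-7546 to cert@cert.org; normalize JSON formatting`. The new side of each file also carries `\ No newline at end of file`, so the trailing newline is dropped everywhere; this is presumably a serializer artifact and worth confirming as intended.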
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7544", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Secret City - Motion Comic (aka me.narr8.android.serial.the_secret_city) application 2.1.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7544", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#508577", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/508577" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Secret City - 
Motion Comic (aka me.narr8.android.serial.the_secret_city) application 2.1.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#508577", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/508577" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7546.json b/2014/7xxx/CVE-2014-7546.json index dc78daf8098..ec0140a2ffc 100644 --- a/2014/7xxx/CVE-2014-7546.json +++ b/2014/7xxx/CVE-2014-7546.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7546", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Buddhist Prayer (aka com.buddhist.prayer.mantra.sutra) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7546", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#768089", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/768089" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Buddhist Prayer (aka 
com.buddhist.prayer.mantra.sutra) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#768089", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/768089" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0054.json b/2017/0xxx/CVE-2017-0054.json index 2b1bd27aaba..fe55f165053 100644 --- a/2017/0xxx/CVE-2017-0054.json +++ b/2017/0xxx/CVE-2017-0054.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-0054", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-0054", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0322.json b/2017/0xxx/CVE-2017-0322.json index 42f4e99d009..839e4cc68a5 100644 --- a/2017/0xxx/CVE-2017-0322.json +++ b/2017/0xxx/CVE-2017-0322.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@nvidia.com", - "ID" : "CVE-2017-0322", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows GPU Display Driver", - "version" : { - "version_data" : [ - { - "version_value" : "All" - } - ] - } - } - ] - }, - "vendor_name" : "Nvidia Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler where a value passed from a user to the driver is not correctly validated and used as the index to an array, leading to denial of service or potential escalation of privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service (BSOD), Escalation of Privileges" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@nvidia.com", + "ID": "CVE-2017-0322", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows GPU Display Driver", + "version": { + "version_data": [ + { + "version_value": "All" + } + ] + } + } + ] + }, + "vendor_name": "Nvidia Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4398", - "refsource" : "CONFIRM", - "url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4398" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler where a value passed from a user to the driver is 
not correctly validated and used as the index to an array, leading to denial of service or potential escalation of privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service (BSOD), Escalation of Privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4398", + "refsource": "CONFIRM", + "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4398" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18298.json b/2017/18xxx/CVE-2017-18298.json index 605086897c8..5ef9eb91709 100644 --- a/2017/18xxx/CVE-2017-18298.json +++ b/2017/18xxx/CVE-2017-18298.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "ID" : "CVE-2017-18298", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear", - "version" : { - "version_data" : [ - { - "version_value" : "MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Lack of Input Validation in SDMX API can lead to NULL pointer access in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660 ." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Null Pointer Dereference in Broadcast" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2017-18298", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear", + "version": { + "version_data": [ + { + "version_value": "MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components" - }, - { - "name" : "https://www.qualcomm.com/company/product-security/bulletins", - "refsource" : "CONFIRM", - "url" : "https://www.qualcomm.com/company/product-security/bulletins" - }, - { - "name" : "1041432", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041432" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Lack of Input Validation in SDMX API can lead to NULL pointer access in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660 ." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Null Pointer Dereference in Broadcast" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qualcomm.com/company/product-security/bulletins", + "refsource": "CONFIRM", + "url": "https://www.qualcomm.com/company/product-security/bulletins" + }, + { + "name": "1041432", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041432" + }, + { + "name": "https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1403.json b/2017/1xxx/CVE-2017-1403.json index 847e5b6f4a9..06798c93ac8 100644 
--- a/2017/1xxx/CVE-2017-1403.json +++ b/2017/1xxx/CVE-2017-1403.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1403", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1403", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1607.json b/2017/1xxx/CVE-2017-1607.json index 273c50572b6..a40e0912747 100644 --- a/2017/1xxx/CVE-2017-1607.json +++ b/2017/1xxx/CVE-2017-1607.json 
@@ -1,85 +1,85 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2017-11-16T00:00:00", - "ID" : "CVE-2017-1607", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Rational DOORS Next Generation", - "version" : { - "version_data" : [ - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "6.0.2" - }, - { - "version_value" : "6.0.3" - }, - { - "version_value" : "6.0.4" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM DOORS Next Generation (DNG/RRC) 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 132927." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2017-11-16T00:00:00", + "ID": "CVE-2017-1607", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Rational DOORS Next Generation", + "version": { + "version_data": [ + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "6.0.2" + }, + { + "version_value": "6.0.3" + }, + { + "version_value": "6.0.4" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/132927", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/132927" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22010329", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22010329" - }, - { - "name" : "101904", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101904" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM DOORS Next Generation (DNG/RRC) 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 132927." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22010329", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22010329" + }, + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/132927", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/132927" + }, + { + "name": "101904", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101904" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5027.json b/2017/5xxx/CVE-2017-5027.json index c5fdd6014e8..67243ed9f0c 100644 --- a/2017/5xxx/CVE-2017-5027.json +++ b/2017/5xxx/CVE-2017-5027.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-5027", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android", - "version" : { - "version_data" : [ - { - "version_value" : "Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to properly enforce unsafe-inline content security policy, which allowed a remote attacker to bypass content security policy via a crafted HTML page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "insufficient policy enforcement" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2017-5027", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android", + "version": { + "version_data": [ + { + "version_value": "Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html", - "refsource" : "CONFIRM", - "url" : "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html" - }, - { - "name" : "https://crbug.com/661126", - "refsource" 
: "CONFIRM", - "url" : "https://crbug.com/661126" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to properly enforce unsafe-inline content security policy, which allowed a remote attacker to bypass content security policy via a crafted HTML page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "insufficient policy enforcement" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html", + "refsource": "CONFIRM", + "url": "https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html" + }, + { + "name": "https://crbug.com/661126", + "refsource": "CONFIRM", + "url": "https://crbug.com/661126" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5036.json b/2017/5xxx/CVE-2017-5036.json index 41f15c168a9..13b92a3d57b 100644 --- a/2017/5xxx/CVE-2017-5036.json +++ b/2017/5xxx/CVE-2017-5036.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-5036", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android", - "version" : { - "version_data" : [ - { - "version_value" : "Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to have an unspecified impact via a crafted PDF file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "use after free" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2017-5036", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android", + "version": { + "version_data": [ + { + "version_value": "Google Chrome prior to 57.0.2987.98 for Mac, Windows and Linux, and 57.0.2987.108 for Android" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html", - "refsource" : "CONFIRM", - "url" : "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html" - }, - { - "name" : "https://crbug.com/691371", - "refsource" : "CONFIRM", - "url" : "https://crbug.com/691371" - }, - { - "name" 
: "DSA-3810", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3810" - }, - { - "name" : "GLSA-201704-02", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201704-02" - }, - { - "name" : "RHSA-2017:0499", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0499.html" - }, - { - "name" : "96767", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96767" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to have an unspecified impact via a crafted PDF file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "use after free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html", + "refsource": "CONFIRM", + "url": "https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html" + }, + { + "name": "GLSA-201704-02", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201704-02" + }, + { + "name": "https://crbug.com/691371", + "refsource": "CONFIRM", + "url": "https://crbug.com/691371" + }, + { + "name": "DSA-3810", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3810" + }, + { + "name": "96767", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96767" + }, + { + "name": "RHSA-2017:0499", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0499.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5408.json b/2017/5xxx/CVE-2017-5408.json index 94ed0d70a43..b5c5fa2cef8 100644 --- a/2017/5xxx/CVE-2017-5408.json 
+++ b/2017/5xxx/CVE-2017-5408.json 
@@ -1,154 +1,154 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2017-5408", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "52" - } - ] - } - }, - { - "product_name" : "Firefox ESR", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "45.8" - } - ] - } - }, - { - "product_name" : "Thunderbird", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "52" - }, - { - "version_affected" : "<", - "version_value" : "45.8" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Video files loaded video captions cross-origin without checking for the presence of CORS headers permitting such cross-origin use, leading to potential information disclosure for video captions. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-origin reading of video captions in violation of CORS" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2017-5408", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "52" + } + ] + } + }, + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "45.8" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "52" + }, + { + "version_affected": "<", + "version_value": "45.8" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1313711", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1313711" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-05/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-05/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-06/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-06/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-07/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-07/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-09/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-09/" - }, - { - "name" : "DSA-3805", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-3805" - }, - { - "name" : "DSA-3832", - "refsource" : 
"DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-3832" - }, - { - "name" : "GLSA-201705-06", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201705-06" - }, - { - "name" : "GLSA-201705-07", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201705-07" - }, - { - "name" : "RHSA-2017:0459", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0459.html" - }, - { - "name" : "RHSA-2017:0461", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0461.html" - }, - { - "name" : "RHSA-2017:0498", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0498.html" - }, - { - "name" : "96693", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96693" - }, - { - "name" : "1037966", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037966" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Video files loaded video captions cross-origin without checking for the presence of CORS headers permitting such cross-origin use, leading to potential information disclosure for video captions. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-origin reading of video captions in violation of CORS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1313711", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1313711" + }, + { + "name": "96693", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96693" + }, + { + "name": "RHSA-2017:0459", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0459.html" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-09/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-09/" + }, + { + "name": "DSA-3832", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-3832" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-07/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-07/" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-05/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-05/" + }, + { + "name": "1037966", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037966" + }, + { + "name": "GLSA-201705-06", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201705-06" + }, + { + "name": "RHSA-2017:0461", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0461.html" + }, + { + "name": "DSA-3805", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-3805" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-06/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-06/" + }, + { + "name": "RHSA-2017:0498", + "refsource": "REDHAT", + "url": 
"http://rhn.redhat.com/errata/RHSA-2017-0498.html" + }, + { + "name": "GLSA-201705-07", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201705-07" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5592.json b/2017/5xxx/CVE-2017-5592.json index 79014fd52aa..7abe79c0079 100644 --- a/2017/5xxx/CVE-2017-5592.json +++ b/2017/5xxx/CVE-2017-5592.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5592", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An incorrect implementation of \"XEP-0280: Message Carbons\" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for profanity (0.4.7 - 0.5.0)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5592", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://openwall.com/lists/oss-security/2017/02/09/29", - "refsource" : "MISC", - "url" : "http://openwall.com/lists/oss-security/2017/02/09/29" - }, - { - "name" : "https://github.com/boothj5/profanity/commit/8e75437a7e43d4c55e861691f74892e666e29b0b", - "refsource" : "MISC", - "url" : "https://github.com/boothj5/profanity/commit/8e75437a7e43d4c55e861691f74892e666e29b0b" - }, - { - "name" : "https://rt-solutions.de/en/2017/02/CVE-2017-5589_xmpp_carbons/", - "refsource" : "MISC", - "url" : "https://rt-solutions.de/en/2017/02/CVE-2017-5589_xmpp_carbons/" - }, - { - "name" : 
"https://rt-solutions.de/wp-content/uploads/2017/02/CVE-2017-5589_xmpp_carbons.pdf", - "refsource" : "MISC", - "url" : "https://rt-solutions.de/wp-content/uploads/2017/02/CVE-2017-5589_xmpp_carbons.pdf" - }, - { - "name" : "96173", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96173" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An incorrect implementation of \"XEP-0280: Message Carbons\" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for profanity (0.4.7 - 0.5.0)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://openwall.com/lists/oss-security/2017/02/09/29", + "refsource": "MISC", + "url": "http://openwall.com/lists/oss-security/2017/02/09/29" + }, + { + "name": "96173", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96173" + }, + { + "name": "https://github.com/boothj5/profanity/commit/8e75437a7e43d4c55e861691f74892e666e29b0b", + "refsource": "MISC", + "url": "https://github.com/boothj5/profanity/commit/8e75437a7e43d4c55e861691f74892e666e29b0b" + }, + { + "name": "https://rt-solutions.de/en/2017/02/CVE-2017-5589_xmpp_carbons/", + "refsource": "MISC", + "url": "https://rt-solutions.de/en/2017/02/CVE-2017-5589_xmpp_carbons/" + }, + { + "name": "https://rt-solutions.de/wp-content/uploads/2017/02/CVE-2017-5589_xmpp_carbons.pdf", + "refsource": "MISC", + "url": "https://rt-solutions.de/wp-content/uploads/2017/02/CVE-2017-5589_xmpp_carbons.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5891.json b/2017/5xxx/CVE-2017-5891.json index 6d6b703354f..769a18ef630 100644 
--- a/2017/5xxx/CVE-2017-5891.json
+++ b/2017/5xxx/CVE-2017-5891.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5891", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ASUS RT-AC* and RT-N* devices with firmware before 3.0.0.4.380.7378 have Login Page CSRF and Save Settings CSRF." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5891", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.asus.com/support/Download/11/2/0/161/45/", - "refsource" : "MISC", - "url" : "https://www.asus.com/support/Download/11/2/0/161/45/" - }, - { - "name" : "https://wwws.nightwatchcybersecurity.com/2017/05/09/multiple-vulnerabilities-in-asus-routers/", - "refsource" : "MISC", - "url" : "https://wwws.nightwatchcybersecurity.com/2017/05/09/multiple-vulnerabilities-in-asus-routers/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ASUS RT-AC* and RT-N* devices with firmware before 3.0.0.4.380.7378 have Login Page CSRF and Save Settings CSRF." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wwws.nightwatchcybersecurity.com/2017/05/09/multiple-vulnerabilities-in-asus-routers/", + "refsource": "MISC", + "url": "https://wwws.nightwatchcybersecurity.com/2017/05/09/multiple-vulnerabilities-in-asus-routers/" + }, + { + "name": "https://www.asus.com/support/Download/11/2/0/161/45/", + "refsource": "MISC", + "url": "https://www.asus.com/support/Download/11/2/0/161/45/" + } + ] + } +} \ No newline at end of file