diff --git a/2001/1xxx/CVE-2001-1421.json b/2001/1xxx/CVE-2001-1421.json
index c29bebc8e7d..995546d670a 100644
--- a/2001/1xxx/CVE-2001-1421.json
+++ b/2001/1xxx/CVE-2001-1421.json
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2001-1421", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "AOL Instant Messenger (AIM) 4.7 and earlier allows remote attackers to cause a denial of service (application crash) via a large number of different fonts followed by an HTML HR tag." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2001-1421", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20011006 AIM Exploits", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/218920" - }, - { - "name" : "20011230 Windows AIM Client Exploits", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/247707" - }, - { - "name" : "http://www.kb.cert.org/vuls/id/JARL-569MD7", - "refsource" : "CONFIRM", - "url" : "http://www.kb.cert.org/vuls/id/JARL-569MD7" - }, - { - "name" : "VU#530299", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/530299" - }, - { - "name" : "3756", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3756" - }, - { - "name" : "aim-multiple-fonts-dos(7757)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/7757" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "AOL Instant Messenger (AIM) 4.7 and earlier allows remote attackers to cause a denial of service (application crash) via a large number of different fonts followed by an HTML HR tag." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.kb.cert.org/vuls/id/JARL-569MD7", + "refsource": "CONFIRM", + "url": "http://www.kb.cert.org/vuls/id/JARL-569MD7" + }, + { + "name": "3756", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3756" + }, + { + "name": "20011006 AIM Exploits", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/218920" + }, + { + "name": "aim-multiple-fonts-dos(7757)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7757" + }, + { + "name": "VU#530299", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/530299" + }, + { + "name": "20011230 Windows AIM Client Exploits", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/247707" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2502.json b/2006/2xxx/CVE-2006-2502.json index 33f86c0b6c9..01f02e6af50 100644 --- a/2006/2xxx/CVE-2006-2502.json +++ b/2006/2xxx/CVE-2006-2502.json 
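Review bot: The rewritten file ends without a final newline (`\ No newline at end of file` follows the closing `+}`), and the same marker appears at the end of every other file hunk on this page. The six `reference_data` entries are also emitted in a different order than on the old side, although none is added or removed here. Array order carries no meaning for these records, so writing the entries in a stable order and keeping the trailing newline would limit later diffs to real content changes. With whole-file rewrites like this one, a changed value in a vulnerability record is hard to spot by eye.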
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2502", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in pop3d in Cyrus IMAPD (cyrus-imapd) 2.3.2, when the popsubfolders option is enabled, allows remote attackers to execute arbitrary code via a long USER command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2006-2502", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060521 Cyrus IMAPD pop3d remote compromise aka cyrusFUCK3d", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0527.html" - }, - { - "name" : "18056", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18056" - }, - { - "name" : "ADV-2006-1891", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1891" - }, - { - "name" : "1016131", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016131" - }, - { - "name" : "cyrus-imap-pop3d-bo(26578)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26578" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in pop3d in Cyrus IMAPD (cyrus-imapd) 2.3.2, when the popsubfolders option is enabled, allows remote attackers to execute arbitrary code via a long USER command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18056", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18056" + }, + { + "name": "cyrus-imap-pop3d-bo(26578)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26578" + }, + { + "name": "1016131", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016131" + }, + { + "name": "20060521 Cyrus IMAPD pop3d remote compromise aka cyrusFUCK3d", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0527.html" + }, + { + "name": "ADV-2006-1891", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1891" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2741.json b/2006/2xxx/CVE-2006-2741.json index 5bad0eb98b2..1954d389570 100644 --- a/2006/2xxx/CVE-2006-2741.json +++ b/2006/2xxx/CVE-2006-2741.json 
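Review bot: `ASSIGNER` under `CVE_data_meta` changes from `cve@mitre.org` to `secalert@redhat.com` in this hunk, while the other hunks visible on this page keep `cve@mitre.org` and differ only in spacing and reference order. The assigner is provenance data that consumers of the record may key on, and here it sits inside a full-file rewrite where it is easy to overlook. If the reassignment is intended, it would be clearer in its own commit, or at least named in the commit message. Comparing the parsed old and new JSON with `reference_data` sorted, rather than the text, would confirm that no other field changed.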
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2741", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Epicdesigns tinyBB 0.3 allow remote attackers to inject arbitrary web script or HTML via the q parameter in forgot.php, which is echoed in an error message, and other unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2741", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060528 Advisory: tinyBB <= 0.3 Multiple Remote Vulnerabilities.", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/435281/100/0/threaded" - }, - { - "name" : "http://www.nukedx.com/?getxpl=33", - "refsource" : "MISC", - "url" : "http://www.nukedx.com/?getxpl=33" - }, - { - "name" : "http://www.nukedx.com/?viewdoc=33", - "refsource" : "MISC", - "url" : "http://www.nukedx.com/?viewdoc=33" - }, - { - "name" : "18147", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18147" - }, - { - "name" : "1016172", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016172" - }, - { - "name" : "1011", - "refsource" : "SREASON", - "url" : 
"http://securityreason.com/securityalert/1011" - }, - { - "name" : "tinybb-forgot-xss(26829)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26829" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Epicdesigns tinyBB 0.3 allow remote attackers to inject arbitrary web script or HTML via the q parameter in forgot.php, which is echoed in an error message, and other unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.nukedx.com/?viewdoc=33", + "refsource": "MISC", + "url": "http://www.nukedx.com/?viewdoc=33" + }, + { + "name": "1016172", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016172" + }, + { + "name": "18147", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18147" + }, + { + "name": "tinybb-forgot-xss(26829)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26829" + }, + { + "name": "20060528 Advisory: tinyBB <= 0.3 Multiple Remote Vulnerabilities.", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/435281/100/0/threaded" + }, + { + "name": "1011", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1011" + }, + { + "name": "http://www.nukedx.com/?getxpl=33", + "refsource": "MISC", + "url": "http://www.nukedx.com/?getxpl=33" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3012.json b/2006/3xxx/CVE-2006-3012.json index daeb466698e..b6c41ceef25 100644 --- a/2006/3xxx/CVE-2006-3012.json +++ b/2006/3xxx/CVE-2006-3012.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3012", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in phpBannerExchange before 2.0 Update 6 allows remote attackers to execute arbitrary SQL commands via the (1) login parameter in (a) client/stats.php and (b) admin/stats.php, or the (2) pass parameter in client/stats.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3012", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060615 Advisory: Authentication bypass in phpBannerExchange", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/437290/100/0/threaded" - }, - { - "name" : "20060615 Advisory: Authentication bypass in phpBannerExchange", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046954.html" - }, - { - "name" : "http://www.redteam-pentesting.de/advisories/rt-sa-2006-004.txt", - "refsource" : "MISC", - "url" : "http://www.redteam-pentesting.de/advisories/rt-sa-2006-004.txt" - }, - { - "name" : "http://www.eschew.net/scripts/phpbe/2.0/releasenotes.php", - "refsource" : "CONFIRM", - "url" : 
"http://www.eschew.net/scripts/phpbe/2.0/releasenotes.php" - }, - { - "name" : "18448", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18448" - }, - { - "name" : "ADV-2006-2402", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2402" - }, - { - "name" : "26510", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26510" - }, - { - "name" : "phpbannerexchange-stats-sql-injection(27195)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27195" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in phpBannerExchange before 2.0 Update 6 allows remote attackers to execute arbitrary SQL commands via the (1) login parameter in (a) client/stats.php and (b) admin/stats.php, or the (2) pass parameter in client/stats.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "phpbannerexchange-stats-sql-injection(27195)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27195" + }, + { + "name": "18448", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18448" + }, + { + "name": "26510", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26510" + }, + { + "name": "http://www.eschew.net/scripts/phpbe/2.0/releasenotes.php", + "refsource": "CONFIRM", + "url": "http://www.eschew.net/scripts/phpbe/2.0/releasenotes.php" + }, + { + "name": "http://www.redteam-pentesting.de/advisories/rt-sa-2006-004.txt", + "refsource": "MISC", + "url": "http://www.redteam-pentesting.de/advisories/rt-sa-2006-004.txt" + }, + { + "name": "20060615 Advisory: Authentication bypass in phpBannerExchange", + "refsource": "BUGTRAQ", + "url": 
"http://www.securityfocus.com/archive/1/437290/100/0/threaded" + }, + { + "name": "ADV-2006-2402", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2402" + }, + { + "name": "20060615 Advisory: Authentication bypass in phpBannerExchange", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046954.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3243.json b/2006/3xxx/CVE-2006-3243.json index 63b9c433f60..f0686b02421 100644 --- a/2006/3xxx/CVE-2006-3243.json +++ b/2006/3xxx/CVE-2006-3243.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3243", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in usercp.php in MyBB (MyBulletinBoard) 1.0 through 1.1.3 allows remote attackers to execute arbitrary SQL commands via the showcodebuttons parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3243", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060622 [KAPDA]MyBB1.1.3~Option update for code buttons~Sql Injection Admin Access", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/438209" - }, - { - "name" : "http://myimei.com/security/2006-06-21/mybb113option-update-for-code-buttonssql-injection-admin-access.html", - "refsource" : "MISC", - "url" : "http://myimei.com/security/2006-06-21/mybb113option-update-for-code-buttonssql-injection-admin-access.html" - }, - { - "name" : "http://community.mybboard.net/showthread.php?tid=9955", - "refsource" : "CONFIRM", - "url" : "http://community.mybboard.net/showthread.php?tid=9955" - }, - { - "name" : "ADV-2006-2511", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2511" - }, - { - 
"name" : "20795", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20795" - }, - { - "name" : "1147", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1147" - }, - { - "name" : "mybb-showcodebuttons-sql-injection(27410)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27410" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in usercp.php in MyBB (MyBulletinBoard) 1.0 through 1.1.3 allows remote attackers to execute arbitrary SQL commands via the showcodebuttons parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://myimei.com/security/2006-06-21/mybb113option-update-for-code-buttonssql-injection-admin-access.html", + "refsource": "MISC", + "url": "http://myimei.com/security/2006-06-21/mybb113option-update-for-code-buttonssql-injection-admin-access.html" + }, + { + "name": "20060622 [KAPDA]MyBB1.1.3~Option update for code buttons~Sql Injection Admin Access", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/438209" + }, + { + "name": "mybb-showcodebuttons-sql-injection(27410)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27410" + }, + { + "name": "http://community.mybboard.net/showthread.php?tid=9955", + "refsource": "CONFIRM", + "url": "http://community.mybboard.net/showthread.php?tid=9955" + }, + { + "name": "1147", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1147" + }, + { + "name": "ADV-2006-2511", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2511" + }, + { + "name": "20795", + "refsource": "SECUNIA", + "url": 
"http://secunia.com/advisories/20795" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6072.json b/2006/6xxx/CVE-2006-6072.json index 91856d82cf7..3aa13ce220b 100644 --- a/2006/6xxx/CVE-2006-6072.json +++ b/2006/6xxx/CVE-2006-6072.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6072", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in bpg/publications_list.asp in BPG-InfoTech Easy Publisher and Smart Publisher//Pro 2.7.7 allows remote attackers to execute arbitrary SQL commands via the vjob parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6072", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "21094", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21094" - }, - { - "name" : "ADV-2006-4514", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4514" - }, - { - "name" : "22888", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22888" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in bpg/publications_list.asp in BPG-InfoTech Easy Publisher and Smart Publisher//Pro 2.7.7 allows remote 
attackers to execute arbitrary SQL commands via the vjob parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-4514", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4514" + }, + { + "name": "22888", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22888" + }, + { + "name": "21094", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21094" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6174.json b/2006/6xxx/CVE-2006-6174.json index 1058c48a4e4..64d74076b93 100644 --- a/2006/6xxx/CVE-2006-6174.json +++ b/2006/6xxx/CVE-2006-6174.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6174", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in tDiary before 2.0.3 and 2.1.x before 2.1.4.20061126 allows remote attackers to inject arbitrary web script or HTML via the conf parameter in (1) tdiary.rb and (2) skel/conf.rhtml." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6174", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.tdiary.org/download/tdiary.20061126.patch", - "refsource" : "MISC", - "url" : "http://www.tdiary.org/download/tdiary.20061126.patch" - }, - { - "name" : "http://sourceforge.net/forum/forum.php?forum_id=638868", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/forum/forum.php?forum_id=638868" - }, - { - "name" : "http://www.tdiary.org/20061126.html", - "refsource" : "CONFIRM", - "url" : "http://www.tdiary.org/20061126.html" - }, - { - "name" : "JVN#47223461", - "refsource" : "JVN", - "url" : "http://jvn.jp/jp/JVN%2347223461/index.html" - }, - { - "name" : "21321", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21321" - }, - { - "name" : 
"ADV-2006-4722", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4722" - }, - { - "name" : "30701", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/30701" - }, - { - "name" : "31993", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/31993" - }, - { - "name" : "23092", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23092" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in tDiary before 2.0.3 and 2.1.x before 2.1.4.20061126 allows remote attackers to inject arbitrary web script or HTML via the conf parameter in (1) tdiary.rb and (2) skel/conf.rhtml." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.tdiary.org/download/tdiary.20061126.patch", + "refsource": "MISC", + "url": "http://www.tdiary.org/download/tdiary.20061126.patch" + }, + { + "name": "http://www.tdiary.org/20061126.html", + "refsource": "CONFIRM", + "url": "http://www.tdiary.org/20061126.html" + }, + { + "name": "http://sourceforge.net/forum/forum.php?forum_id=638868", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/forum/forum.php?forum_id=638868" + }, + { + "name": "30701", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/30701" + }, + { + "name": "23092", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23092" + }, + { + "name": "JVN#47223461", + "refsource": "JVN", + "url": "http://jvn.jp/jp/JVN%2347223461/index.html" + }, + { + "name": "ADV-2006-4722", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4722" + }, + { + "name": "21321", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21321" + }, + { + "name": "31993", + "refsource": 
"OSVDB", + "url": "http://www.osvdb.org/31993" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6665.json b/2006/6xxx/CVE-2006-6665.json index 09a5003ff07..f696fc06b92 100644 --- a/2006/6xxx/CVE-2006-6665.json +++ b/2006/6xxx/CVE-2006-6665.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6665", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Astonsoft DeepBurner Pro and Free 1.8.0 and earlier allows user-assisted remote attackers to execute arbitrary code via a long file name tag in a dbr file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6665", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2950", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2950" - }, - { - "name" : "21657", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21657" - }, - { - "name" : "ADV-2006-5066", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/5066" - }, - { - "name" : "23367", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23367" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Astonsoft DeepBurner Pro and Free 1.8.0 and earlier allows user-assisted remote attackers to execute arbitrary code via a long file name tag 
in a dbr file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-5066", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/5066" + }, + { + "name": "2950", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2950" + }, + { + "name": "21657", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21657" + }, + { + "name": "23367", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23367" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6756.json b/2006/6xxx/CVE-2006-6756.json index d7439b5ee11..637b82dc018 100644 --- a/2006/6xxx/CVE-2006-6756.json +++ b/2006/6xxx/CVE-2006-6756.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6756", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The code function in install.fct.php in Ixprim 1.2 produces a guessable value of the confidential IXP_CODE in mainfile.php, which might allow remote attackers to gain access to the administration panel via a brute force attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6756", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061221 Ixprim CMS 1.2 Remote Blind SQL Injection Exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/455084/100/0/threaded" - }, - { - "name" : "http://acid-root.new.fr/poc/16061221.txt", - "refsource" : "MISC", - "url" : "http://acid-root.new.fr/poc/16061221.txt" - }, - { - "name" : "2975", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2975" - }, - { - "name" : "2073", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2073" - }, - { - "name" : "ixprim-ixpcode-brute-force(31142)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31142" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The code function in install.fct.php in Ixprim 1.2 produces a guessable value of the confidential IXP_CODE in mainfile.php, which might allow remote attackers to gain access to the administration panel via a brute force attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ixprim-ixpcode-brute-force(31142)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31142" + }, + { + "name": "20061221 Ixprim CMS 1.2 Remote Blind SQL Injection Exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/455084/100/0/threaded" + }, + { + "name": "2975", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2975" + }, + { + "name": "http://acid-root.new.fr/poc/16061221.txt", + "refsource": "MISC", + "url": "http://acid-root.new.fr/poc/16061221.txt" + }, + { + "name": "2073", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2073" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6987.json b/2006/6xxx/CVE-2006-6987.json index 4a923109e78..699129427f4 100644 --- a/2006/6xxx/CVE-2006-6987.json +++ b/2006/6xxx/CVE-2006-6987.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6987", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-domain vulnerability in FineBrowser Freeware 3.2.2 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6987", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2006/06/multiple-browsers-information.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2006/06/multiple-browsers-information.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-domain vulnerability in FineBrowser Freeware 3.2.2 allows remote attackers to access restricted information from other domains via an 
object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://pridels0.blogspot.com/2006/06/multiple-browsers-information.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2006/06/multiple-browsers-information.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/7xxx/CVE-2006-7051.json b/2006/7xxx/CVE-2006-7051.json index e650d5c344e..d7ddfcd4f81 100644 --- a/2006/7xxx/CVE-2006-7051.json +++ b/2006/7xxx/CVE-2006-7051.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-7051", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The sys_timer_create function in posix-timers.c for Linux kernel 2.6.x allows local users to cause a denial of service (memory consumption) and possibly bypass memory limits or cause other processes to be killed by creating a large number of posix timers, which are allocated in kernel memory but are not treated as part of the process' memory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-7051", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060404 Linux Kernel Local DoS vulnerability.", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/430278/30/5790/threaded" - }, - { - "name" : "1657", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/1657" - }, - { - "name" : "2287", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/2287" - }, - { - "name" : "linux-systimercreate-dos(25712)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25712" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The sys_timer_create function in posix-timers.c for Linux kernel 2.6.x allows local users to cause a denial of service (memory consumption) and possibly bypass memory limits or cause other processes to be killed by creating a large number of posix timers, which are allocated in kernel memory but are not treated as part of the process' memory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1657", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/1657" + }, + { + "name": "2287", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/2287" + }, + { + "name": "linux-systimercreate-dos(25712)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25712" + }, + { + "name": "20060404 Linux Kernel Local DoS vulnerability.", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/430278/30/5790/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0003.json b/2011/0xxx/CVE-2011-0003.json index 9aab0104f88..45a91a8bbb7 100644 --- a/2011/0xxx/CVE-2011-0003.json +++ b/2011/0xxx/CVE-2011-0003.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0003", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MediaWiki before 1.16.1, when user or site JavaScript or CSS is enabled, allows remote attackers to conduct clickjacking attacks via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-0003", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[MediaWiki-announce] 20110104 MediaWiki security release 1.16.1", - "refsource" : "MLIST", - "url" : "http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-January/000093.html" - }, - { - "name" : "[oss-security] 20110104 (possible) CVE request: Clickjacking in Mediawiki", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/01/04/6" - }, - { - "name" : "[oss-security] 20110104 Re: (possible) CVE request: Clickjacking in Mediawiki", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/01/04/12" - }, - { - "name" : "https://bugzilla.wikimedia.org/show_bug.cgi?id=26561", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.wikimedia.org/show_bug.cgi?id=26561" - }, - { - "name" : 
"FEDORA-2011-5807", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059235.html" - }, - { - "name" : "FEDORA-2011-5812", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059232.html" - }, - { - "name" : "FEDORA-2011-5848", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058910.html" - }, - { - "name" : "70272", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/70272" - }, - { - "name" : "42810", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42810" - }, - { - "name" : "ADV-2011-0017", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0017" - }, - { - "name" : "mediawiki-frames-clickjacking(64476)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64476" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MediaWiki before 1.16.1, when user or site JavaScript or CSS is enabled, allows remote attackers to conduct clickjacking attacks via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20110104 Re: (possible) CVE request: Clickjacking in Mediawiki", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/01/04/12" + }, + { + "name": "ADV-2011-0017", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0017" + }, + { + "name": "https://bugzilla.wikimedia.org/show_bug.cgi?id=26561", + "refsource": "CONFIRM", + "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=26561" + }, + { + "name": "70272", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/70272" + }, + { + "name": "FEDORA-2011-5807", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059235.html" + }, + { + "name": "[MediaWiki-announce] 20110104 MediaWiki security release 1.16.1", + "refsource": "MLIST", + "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-January/000093.html" + }, + { + "name": "[oss-security] 20110104 (possible) CVE request: Clickjacking in Mediawiki", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/01/04/6" + }, + { + "name": "42810", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42810" + }, + { + "name": "FEDORA-2011-5848", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058910.html" + }, + { + "name": "mediawiki-frames-clickjacking(64476)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64476" + }, + { + "name": "FEDORA-2011-5812", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/059232.html" + } + ] + } +} \ No newline at end of file 
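Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `cve@mitre.org` to `secalert@redhat.com` in this hunk, which is a provenance change sitting inside what otherwise reads as a spacing-only reformat (`"key" : value` to `"key": value`). Tooling that attributes or filters records by assigning CNA will treat CVE-2011-0003 differently after this commit, so the reassignment would be easier to audit as its own commit, or at least called out in the commit message. The hunks for CVE-2011-0172, CVE-2011-0341, CVE-2011-1766, CVE-2011-1857, CVE-2011-3229 and CVE-2011-3999 make the same kind of `ASSIGNER` change. The `reference_data` array is also reordered here (the same eleven entries, in a different order), which makes it hard to confirm by eye that no reference was dropped; keeping the original order, or sorting by a stable key such as `refsource` then `name`, would keep future diffs reviewable. The new side also ends with `\ No newline at end of file`, where the old side had a trailing newline.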
diff --git a/2011/0xxx/CVE-2011-0172.json b/2011/0xxx/CVE-2011-0172.json index 615e570d228..b9bfc029cde 100644 --- a/2011/0xxx/CVE-2011-0172.json +++ b/2011/0xxx/CVE-2011-0172.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0172", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "AirPort in Apple Mac OS X 10.6 before 10.6.7 allows remote attackers to cause a denial of service (divide-by-zero error and reboot) via Wi-Fi frames on the local wireless network, a different vulnerability than CVE-2011-0162." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2011-0172", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4581", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4581" - }, - { - "name" : "APPLE-SA-2011-03-21-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "AirPort in Apple Mac OS X 10.6 before 10.6.7 allows remote attackers to cause a denial of service (divide-by-zero error and reboot) via Wi-Fi frames on the local wireless network, a different vulnerability than CVE-2011-0162." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2011-03-21-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html" + }, + { + "name": "http://support.apple.com/kb/HT4581", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4581" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0302.json b/2011/0xxx/CVE-2011-0302.json index caef5c906cf..d2118ede2bf 100644 --- a/2011/0xxx/CVE-2011-0302.json +++ b/2011/0xxx/CVE-2011-0302.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0302", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0302", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0341.json b/2011/0xxx/CVE-2011-0341.json index c6a2ebb2fb3..9055ad37ab0 100644 --- a/2011/0xxx/CVE-2011-0341.json +++ b/2011/0xxx/CVE-2011-0341.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0341", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the pdfmoz_onmouse function in apps/mozilla/moz_main.c in the MuPDF plug-in 2008.09.02 for Firefox allows remote attackers to execute arbitrary code via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2011-0341", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://secunia.com/secunia_research/2011-38/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2011-38/" - }, - { - "name" : "47739", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47739" - }, - { - "name" : "72177", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/72177" - }, - { - "name" : "43739", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43739" - }, - { - "name" : "ADV-2011-1191", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/1191" - }, - { - "name" : "mupdf-pdfmozonmouse-bo(67298)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67298" - } - ] - 
} -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the pdfmoz_onmouse function in apps/mozilla/moz_main.c in the MuPDF plug-in 2008.09.02 for Firefox allows remote attackers to execute arbitrary code via a crafted web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "72177", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/72177" + }, + { + "name": "http://secunia.com/secunia_research/2011-38/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2011-38/" + }, + { + "name": "43739", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43739" + }, + { + "name": "ADV-2011-1191", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/1191" + }, + { + "name": "mupdf-pdfmozonmouse-bo(67298)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67298" + }, + { + "name": "47739", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47739" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1766.json b/2011/1xxx/CVE-2011-1766.json index 6d4344bfd1a..75cd0a1103a 100644 --- a/2011/1xxx/CVE-2011-1766.json +++ b/2011/1xxx/CVE-2011-1766.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1766", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "includes/User.php in MediaWiki before 1.16.5, when wgBlockDisablesLogin is enabled, does not clear certain cached data after verification of an auth token fails, which allows remote attackers to bypass authentication by creating crafted wikiUserID and wikiUserName cookies, or by leveraging an unattended workstation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-1766", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[mediawiki-announce] 20110505 MediaWiki security release 1.16.5", - "refsource" : "MLIST", - "url" : "http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-May/000098.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=702512", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=702512" - }, - { - "name" : "https://bugzilla.wikimedia.org/show_bug.cgi?id=28639", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.wikimedia.org/show_bug.cgi?id=28639" - }, - { - "name" : "FEDORA-2011-6774", - "refsource" : "FEDORA", - "url" : 
"http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060496.html" - }, - { - "name" : "FEDORA-2011-6775", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060507.html" - }, - { - "name" : "FEDORA-2011-6781", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060435.html" - }, - { - "name" : "47722", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/47722" - }, - { - "name" : "44684", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44684" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "includes/User.php in MediaWiki before 1.16.5, when wgBlockDisablesLogin is enabled, does not clear certain cached data after verification of an auth token fails, which allows remote attackers to bypass authentication by creating crafted wikiUserID and wikiUserName cookies, or by leveraging an unattended workstation." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2011-6774", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060496.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=702512", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=702512" + }, + { + "name": "https://bugzilla.wikimedia.org/show_bug.cgi?id=28639", + "refsource": "CONFIRM", + "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=28639" + }, + { + "name": "44684", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44684" + }, + { + "name": "47722", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/47722" + }, + { + "name": "[mediawiki-announce] 20110505 MediaWiki security release 1.16.5", + "refsource": "MLIST", + "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-May/000098.html" + }, + { + "name": "FEDORA-2011-6781", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060435.html" + }, + { + "name": "FEDORA-2011-6775", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060507.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1857.json b/2011/1xxx/CVE-2011-1857.json index fa600a52a57..4de765b20ae 100644 --- a/2011/1xxx/CVE-2011-1857.json +++ b/2011/1xxx/CVE-2011-1857.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1857", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allows remote authenticated users to bypass intended access restrictions via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2011-1857", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMA02674", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=130755929821099&w=2" - }, - { - "name" : "SSRT100487", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=130755929821099&w=2" - }, - { - "name" : "48168", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/48168" - }, - { - "name" : "1025611", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025611" - }, - { - "name" : "44836", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44836" - }, - { - "name" : "8273", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8273" - }, - { - "name" : "hp-service-unspec-unauth-access(67908)", - "refsource" 
: "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67908" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allows remote authenticated users to bypass intended access restrictions via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "44836", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44836" + }, + { + "name": "8273", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8273" + }, + { + "name": "1025611", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025611" + }, + { + "name": "SSRT100487", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=130755929821099&w=2" + }, + { + "name": "HPSBMA02674", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=130755929821099&w=2" + }, + { + "name": "hp-service-unspec-unauth-access(67908)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67908" + }, + { + "name": "48168", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/48168" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3229.json b/2011/3xxx/CVE-2011-3229.json index ac3313c1e14..d0e596cda16 100644 --- a/2011/3xxx/CVE-2011-3229.json +++ b/2011/3xxx/CVE-2011-3229.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3229", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Apple Safari before 5.1.1 allows remote attackers to execute arbitrary JavaScript code, in a Safari Extensions context, via a crafted safari-extension: URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2011-3229", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT5000", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5000" - }, - { - "name" : "APPLE-SA-2011-10-12-4", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html" - }, - { - "name" : "76388", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/76388" - }, - { - "name" : "safari-safari-extension-code-exec(70566)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/70566" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability 
in Apple Safari before 5.1.1 allows remote attackers to execute arbitrary JavaScript code, in a Safari Extensions context, via a crafted safari-extension: URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2011-10-12-4", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html" + }, + { + "name": "safari-safari-extension-code-exec(70566)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70566" + }, + { + "name": "76388", + "refsource": "OSVDB", + "url": "http://osvdb.org/76388" + }, + { + "name": "http://support.apple.com/kb/HT5000", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5000" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3999.json b/2011/3xxx/CVE-2011-3999.json index e36742f7ef4..321f99f2107 100644 --- a/2011/3xxx/CVE-2011-3999.json +++ b/2011/3xxx/CVE-2011-3999.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3999", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the RSS/Atom feed-reader implementation in Iwate Portal Bar allows remote attackers to inject arbitrary web script or HTML via a crafted feed." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2011-3999", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "JVN#33861625", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN33861625/index.html" - }, - { - "name" : "JVNDB-2011-000098", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000098" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the RSS/Atom feed-reader implementation in Iwate Portal Bar allows remote attackers to inject arbitrary web script or HTML via a crafted feed." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVNDB-2011-000098", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000098" + }, + { + "name": "JVN#33861625", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN33861625/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4327.json b/2011/4xxx/CVE-2011-4327.json index 3256d6cf1b3..8450114264a 100644 --- a/2011/4xxx/CVE-2011-4327.json +++ b/2011/4xxx/CVE-2011-4327.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4327", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ssh-keysign.c in ssh-keysign in OpenSSH before 5.8p2 on certain platforms executes ssh-rand-helper with unintended open file descriptors, which allows local users to obtain sensitive key information via the ptrace system call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-4327", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.openssh.com/txt/portable-keysign-rand-helper.adv", - "refsource" : "CONFIRM", - "url" : "http://www.openssh.com/txt/portable-keysign-rand-helper.adv" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=755640", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=755640" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ssh-keysign.c in ssh-keysign in OpenSSH before 5.8p2 on certain platforms executes ssh-rand-helper with unintended open file descriptors, which allows local users to obtain sensitive key 
information via the ptrace system call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.openssh.com/txt/portable-keysign-rand-helper.adv", + "refsource": "CONFIRM", + "url": "http://www.openssh.com/txt/portable-keysign-rand-helper.adv" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=755640", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=755640" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4584.json b/2011/4xxx/CVE-2011-4584.json index dea9a99ec0f..e4bde823585 100644 --- a/2011/4xxx/CVE-2011-4584.json +++ b/2011/4xxx/CVE-2011-4584.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4584", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The MNET authentication functionality in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 allows remote authenticated users to impersonate other user accounts by using the Login As feature in conjunction with a remote MNET single sign-on capability, as demonstrated by a Mahara site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-4584", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.moodle.org/gw?p=moodle.git;a=commit;h=10df8657c1c138c0d0ab1d4796c552fcec0c299b", - "refsource" : "CONFIRM", - "url" : "http://git.moodle.org/gw?p=moodle.git;a=commit;h=10df8657c1c138c0d0ab1d4796c552fcec0c299b" - }, - { - "name" : "http://moodle.org/mod/forum/discuss.php?d=191751", - "refsource" : "CONFIRM", - "url" : "http://moodle.org/mod/forum/discuss.php?d=191751" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=761248", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=761248" - }, - { - "name" : "DSA-2421", - "refsource" : "DEBIAN", - "url" : 
"http://www.debian.org/security/2012/dsa-2421" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The MNET authentication functionality in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 allows remote authenticated users to impersonate other user accounts by using the Login As feature in conjunction with a remote MNET single sign-on capability, as demonstrated by a Mahara site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=761248", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=761248" + }, + { + "name": "http://git.moodle.org/gw?p=moodle.git;a=commit;h=10df8657c1c138c0d0ab1d4796c552fcec0c299b", + "refsource": "CONFIRM", + "url": "http://git.moodle.org/gw?p=moodle.git;a=commit;h=10df8657c1c138c0d0ab1d4796c552fcec0c299b" + }, + { + "name": "DSA-2421", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2421" + }, + { + "name": "http://moodle.org/mod/forum/discuss.php?d=191751", + "refsource": "CONFIRM", + "url": "http://moodle.org/mod/forum/discuss.php?d=191751" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5087.json b/2013/5xxx/CVE-2013-5087.json index 0decc76f3d4..3719232b32d 100644 --- a/2013/5xxx/CVE-2013-5087.json +++ b/2013/5xxx/CVE-2013-5087.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5087", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-5087", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5367.json b/2013/5xxx/CVE-2013-5367.json index 129c397de88..2e37550f2f5 100644 --- a/2013/5xxx/CVE-2013-5367.json +++ b/2013/5xxx/CVE-2013-5367.json 
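Review bot: This record is serialized with a different key order from every other file visible in this commit: it starts with `"data_type": "CVE",` followed by `data_format` and `data_version`, and puts `"ID"` before `"ASSIGNER"` inside `CVE_data_meta`, whereas the others keep `CVE_data_meta` first with `ASSIGNER`, `ID`, `STATE`. Key order carries no meaning in JSON, but it looks as if two different writers produced these files, which makes later diffs noisy and breaks any byte-level comparison or hashing of records. The new side here, like the other files in the commit, also ends with "No newline at end of file". Emitting all records through one serializer with a fixed key order and a trailing newline would avoid both.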
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5367", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5367", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5381.json b/2013/5xxx/CVE-2013-5381.json index b96eea38715..2e930b30ed7 100644 --- a/2013/5xxx/CVE-2013-5381.json +++ b/2013/5xxx/CVE-2013-5381.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5381", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.3 allows remote authenticated users to gain privileges via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-5381", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21651085", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" - }, - { - "name" : "IV35394", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV35394" - }, - { - "name" : "55068", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55068" - }, - { - "name" : "55070", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55070" - }, - { - "name" : "maximo-cve20135381-priv-esc(86932)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/86932" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.3 allows remote authenticated users to gain privileges via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "55070", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55070" + }, + { + "name": "55068", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55068" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" + }, + { + "name": "maximo-cve20135381-priv-esc(86932)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86932" + }, + { + "name": "IV35394", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV35394" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5718.json b/2013/5xxx/CVE-2013-5718.json index 0cc0292da87..155f76ce889 100644 --- a/2013/5xxx/CVE-2013-5718.json +++ b/2013/5xxx/CVE-2013-5718.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5718", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The dissect_nbap_T_dCH_ID function in epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 does not restrict the dch_id value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5718", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=51195", - "refsource" : "CONFIRM", - "url" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=51195" - }, - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9005", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9005" - }, - { - "name" : "https://www.wireshark.org/security/wnpa-sec-2013-55.html", - "refsource" : "CONFIRM", - "url" : "https://www.wireshark.org/security/wnpa-sec-2013-55.html" - }, - { - "name" : "DSA-2756", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2756" - 
}, - { - "name" : "openSUSE-SU-2013:1481", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-09/msg00050.html" - }, - { - "name" : "openSUSE-SU-2013:1483", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-09/msg00052.html" - }, - { - "name" : "oval:org.mitre.oval:def:18784", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18784" - }, - { - "name" : "54812", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54812" - }, - { - "name" : "55022", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55022" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The dissect_nbap_T_dCH_ID function in epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 does not restrict the dch_id value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2013:1481", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00050.html" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9005", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9005" + }, + { + "name": "55022", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55022" + }, + { + "name": "https://www.wireshark.org/security/wnpa-sec-2013-55.html", + "refsource": "CONFIRM", + "url": "https://www.wireshark.org/security/wnpa-sec-2013-55.html" + }, + { + "name": "oval:org.mitre.oval:def:18784", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18784" + }, + { + "name": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=51195", + "refsource": "CONFIRM", + "url": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=51195" + }, + { + "name": "DSA-2756", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2756" + }, + { + "name": "54812", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54812" + }, + { + "name": "openSUSE-SU-2013:1483", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00052.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5956.json b/2013/5xxx/CVE-2013-5956.json index f7e8658e00a..584588422b3 100644 --- a/2013/5xxx/CVE-2013-5956.json +++ b/2013/5xxx/CVE-2013-5956.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5956", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in includes/flvthumbnail.php in the Youtube Gallery (com_youtubegallery) component 3.4.0 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the videofile parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5956", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140315 Re: XSS Vulnerability in the Youtube Gallery\t3.4.0 Component", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Mar/288" - }, - { - "name" : "20140315 XSS Vulnerability in the Youtube Gallery 3.4.0 Component", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Mar/264" - }, - { - "name" : "http://packetstormsecurity.com/files/125732/Joomla-Youtube-Gallery-3.4.0-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/125732/Joomla-Youtube-Gallery-3.4.0-Cross-Site-Scripting.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in includes/flvthumbnail.php in the Youtube Gallery (com_youtubegallery) component 3.4.0 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the videofile parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20140315 XSS Vulnerability in the Youtube Gallery 3.4.0 Component", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Mar/264" + }, + { + "name": "http://packetstormsecurity.com/files/125732/Joomla-Youtube-Gallery-3.4.0-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/125732/Joomla-Youtube-Gallery-3.4.0-Cross-Site-Scripting.html" + }, + { + "name": "20140315 Re: XSS Vulnerability in the Youtube Gallery\t3.4.0 Component", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Mar/288" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2207.json b/2014/2xxx/CVE-2014-2207.json index 743f6686d1e..7ab59f3fdf8 100644 --- a/2014/2xxx/CVE-2014-2207.json +++ b/2014/2xxx/CVE-2014-2207.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2207", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2207", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2239.json b/2014/2xxx/CVE-2014-2239.json index c7872a6baf3..11e94883545 100644 --- a/2014/2xxx/CVE-2014-2239.json +++ b/2014/2xxx/CVE-2014-2239.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2239", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2239", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2372.json b/2014/2xxx/CVE-2014-2372.json index 6e4058b24e4..7ecba68c979 100644 --- a/2014/2xxx/CVE-2014-2372.json +++ b/2014/2xxx/CVE-2014-2372.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2372", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2372", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2543.json b/2014/2xxx/CVE-2014-2543.json index 502f2cf4e71..eff819b42a6 100644 --- a/2014/2xxx/CVE-2014-2543.json +++ b/2014/2xxx/CVE-2014-2543.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2543", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the Rendezvous Daemon (rvd), Rendezvous Routing Daemon (rvrd), Rendezvous Secure Daemon (rvsd), and Rendezvous Secure Routing Daemon (rvsrd) in TIBCO Rendezvous before 8.4.2, Messaging Appliance before 8.7.1, and Substation ES before 2.8.1 allows remote attackers to execute arbitrary code by leveraging access to a directly connected client and transmitting crafted data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2543", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.tibco.com/mk/advisory.jsp", - "refsource" : "CONFIRM", - "url" : "http://www.tibco.com/mk/advisory.jsp" - }, - { - "name" : "http://www.tibco.com/multimedia/rendezvous_advisory_20140408_tcm8-20763.txt", - "refsource" : "CONFIRM", - "url" : "http://www.tibco.com/multimedia/rendezvous_advisory_20140408_tcm8-20763.txt" - }, - { - "name" : "66744", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/66744" - }, - { - "name" : "1030070", - "refsource" : "SECTRACK", - "url" : 
"http://www.securitytracker.com/id/1030070" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the Rendezvous Daemon (rvd), Rendezvous Routing Daemon (rvrd), Rendezvous Secure Daemon (rvsd), and Rendezvous Secure Routing Daemon (rvsrd) in TIBCO Rendezvous before 8.4.2, Messaging Appliance before 8.7.1, and Substation ES before 2.8.1 allows remote attackers to execute arbitrary code by leveraging access to a directly connected client and transmitting crafted data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.tibco.com/multimedia/rendezvous_advisory_20140408_tcm8-20763.txt", + "refsource": "CONFIRM", + "url": "http://www.tibco.com/multimedia/rendezvous_advisory_20140408_tcm8-20763.txt" + }, + { + "name": "66744", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/66744" + }, + { + "name": "http://www.tibco.com/mk/advisory.jsp", + "refsource": "CONFIRM", + "url": "http://www.tibco.com/mk/advisory.jsp" + }, + { + "name": "1030070", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030070" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2843.json b/2014/2xxx/CVE-2014-2843.json index e3b7e459ed3..628e5fdc7bf 100644 --- a/2014/2xxx/CVE-2014-2843.json +++ b/2014/2xxx/CVE-2014-2843.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2843", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2843", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6097.json b/2014/6xxx/CVE-2014-6097.json index ad4996e3893..ba942e483a3 100644 --- a/2014/6xxx/CVE-2014-6097.json +++ b/2014/6xxx/CVE-2014-6097.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6097", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM DB2 9.7 before FP10 and 9.8 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) via a crafted ALTER TABLE statement." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-6097", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21684812", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21684812" - }, - { - "name" : "IT03786", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IT03786" - }, - { - "name" : "IT04034", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IT04034" - }, - { - "name" : "ibm-db2-cve20146097-dos(95945)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95945" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM 
DB2 9.7 before FP10 and 9.8 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) via a crafted ALTER TABLE statement." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21684812", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21684812" + }, + { + "name": "ibm-db2-cve20146097-dos(95945)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95945" + }, + { + "name": "IT04034", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT04034" + }, + { + "name": "IT03786", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT03786" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6829.json b/2014/6xxx/CVE-2014-6829.json index 6755ef319d2..91da64239b3 100644 --- a/2014/6xxx/CVE-2014-6829.json +++ b/2014/6xxx/CVE-2014-6829.json 
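Review bot: The new side of this file ends with `\ No newline at end of file`, so the rewrite drops the trailing newline the old file had; the same marker closes the other complete hunks visible here (CVE-2014-2843.json through CVE-2017-18322.json). Ending each record with a newline avoids spurious one-line diffs the next time a tool appends to or re-serialises the file. The only content changes in this hunk appear to be the `ASSIGNER` value (now `psirt@us.ibm.com`) and the order of the `reference_data` entries, and both are hard to spot inside a whole-file whitespace rewrite. Splitting the formatting pass from the data change would let the assigner change be reviewed on its own.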
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6829", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Hook (aka com.hook.android) application 0.9.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6829", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#934321", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/934321" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Hook (aka com.hook.android) application 0.9.3 for Android 
does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#934321", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/934321" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6972.json b/2014/6xxx/CVE-2014-6972.json index 579a65d0a62..628ab8fd7ca 100644 --- a/2014/6xxx/CVE-2014-6972.json +++ b/2014/6xxx/CVE-2014-6972.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6972", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Kazakhstan Radio (aka com.wordbox.kazakhstanRadio) application 2.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6972", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#751369", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/751369" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Kazakhstan Radio (aka 
com.wordbox.kazakhstanRadio) application 2.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#751369", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/751369" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6988.json b/2014/6xxx/CVE-2014-6988.json index 491f7353f9f..a3f293aa5ea 100644 --- a/2014/6xxx/CVE-2014-6988.json +++ b/2014/6xxx/CVE-2014-6988.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6988", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Quotes in Images (aka pt.lumberapps.imagensfrases) application 3.7.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6988", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#726201", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/726201" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Quotes in Images (aka 
pt.lumberapps.imagensfrases) application 3.7.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + }, + { + "name": "VU#726201", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/726201" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7445.json b/2014/7xxx/CVE-2014-7445.json index a620235588e..16315ea8d8c 100644 --- a/2014/7xxx/CVE-2014-7445.json +++ b/2014/7xxx/CVE-2014-7445.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7445", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The LEGEND OF TRANCE (aka com.legendoftrance) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7445", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#401921", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/401921" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The LEGEND OF TRANCE (aka com.legendoftrance) 
application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#401921", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/401921" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7752.json b/2014/7xxx/CVE-2014-7752.json index ec964187543..7a9c5fb7434 100644 --- a/2014/7xxx/CVE-2014-7752.json +++ b/2014/7xxx/CVE-2014-7752.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7752", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The NASIOC (aka net.endoftime.android.forumrunner.nasioc) application 3.8.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7752", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#994601", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/994601" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The NASIOC (aka 
net.endoftime.android.forumrunner.nasioc) application 3.8.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#994601", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/994601" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0242.json b/2017/0xxx/CVE-2017-0242.json index b88b440cc72..86cce30bbcb 100644 --- a/2017/0xxx/CVE-2017-0242.json +++ b/2017/0xxx/CVE-2017-0242.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-0242", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Windows", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 7 for 32-bit Systems Service Pack 1, Windows 7 for x64-based Systems Service Pack 1, Windows Server 2008 for 32-bit Systems Service Pack 2, Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation), Windows Server 2008 for x64-based Systems Service Pack 2, Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation), Windows Server 2008 for Itanium-Based Systems Service Pack 2, Windows Server 2008 R2 for x64-based Systems Service Pack 1, Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation), Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1." - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An information disclosure vulnerability exists in the way some ActiveX objects are instantiated, aka \"Microsoft ActiveX Information Disclosure Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-0242", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Windows", + "version": { + "version_data": [ + { + "version_value": "Windows 7 for 32-bit Systems Service Pack 1, Windows 7 for x64-based Systems Service Pack 1, Windows Server 2008 for 32-bit Systems Service Pack 2, Windows Server 2008 for 
32-bit Systems Service Pack 2 (Server Core installation), Windows Server 2008 for x64-based Systems Service Pack 2, Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation), Windows Server 2008 for Itanium-Based Systems Service Pack 2, Windows Server 2008 R2 for x64-based Systems Service Pack 1, Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation), Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1." + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0242", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0242" - }, - { - "name" : "98275", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98275" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability exists in the way some ActiveX objects are instantiated, aka \"Microsoft ActiveX Information Disclosure Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0242", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0242" + }, + { + "name": "98275", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98275" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0304.json b/2017/0xxx/CVE-2017-0304.json index c80aa505697..3d7ad15cb89 100644 --- a/2017/0xxx/CVE-2017-0304.json +++ b/2017/0xxx/CVE-2017-0304.json 
@@ -1,76 +1,76 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "f5sirt@f5.com", - "DATE_PUBLIC" : "2017-12-20T00:00:00", - "ID" : "CVE-2017-0304", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "BIG-IP AFM", - "version" : { - "version_data" : [ - { - "version_value" : "12.0.0, 12.1.0, 12.1.1, 12.1.2" - }, - { - "version_value" : "13.0.0" - } - ] - } - } - ] - }, - "vendor_name" : "F5 Networks, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A SQL injection vulnerability exists in the BIG-IP AFM management UI on versions 12.0.0, 12.1.0, 12.1.1, 12.1.2 and 13.0.0 that may allow a copy of the firewall rules to be tampered with and impact the Configuration Utility until there is a resync of the rules. Traffic processing and the live firewall rules in use are not affected." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Input Validation" - } + "CVE_data_meta": { + "ASSIGNER": "f5sirt@f5.com", + "DATE_PUBLIC": "2017-12-20T00:00:00", + "ID": "CVE-2017-0304", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "BIG-IP AFM", + "version": { + "version_data": [ + { + "version_value": "12.0.0, 12.1.0, 12.1.1, 12.1.2" + }, + { + "version_value": "13.0.0" + } + ] + } + } + ] + }, + "vendor_name": "F5 Networks, Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.f5.com/csp/article/K39428424", - "refsource" : "CONFIRM", - "url" : "https://support.f5.com/csp/article/K39428424" - }, - { - "name" : "102332", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102332" - }, - { - "name" : "1040041", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040041" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A SQL injection vulnerability exists in the BIG-IP AFM management UI on versions 12.0.0, 12.1.0, 12.1.1, 12.1.2 and 13.0.0 that may allow a copy of the firewall rules to be tampered with and impact the Configuration Utility until there is a resync of the rules. Traffic processing and the live firewall rules in use are not affected." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "102332", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102332" + }, + { + "name": "https://support.f5.com/csp/article/K39428424", + "refsource": "CONFIRM", + "url": "https://support.f5.com/csp/article/K39428424" + }, + { + "name": "1040041", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040041" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0371.json b/2017/0xxx/CVE-2017-0371.json index e03b77f7e26..a1a7bf201eb 100644 --- a/2017/0xxx/CVE-2017-0371.json +++ b/2017/0xxx/CVE-2017-0371.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-0371",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-0371",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/1000xxx/CVE-2017-1000034.json b/2017/1000xxx/CVE-2017-1000034.json
index 5c4eabfb91f..9433338dbbd 100644
--- a/2017/1000xxx/CVE-2017-1000034.json
+++ b/2017/1000xxx/CVE-2017-1000034.json
@@ -1,64 +1,64 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-05-06T20:43:28.282967", - "ID" : "CVE-2017-1000034", - "REQUESTER" : "adrianbn@gmail.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Akka", - "version" : { - "version_data" : [ - { - "version_value" : " 2.4.16 and older, 2.5-M1" - } - ] - } - } - ] - }, - "vendor_name" : "Akka" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Akka versions <=2.4.16 and 2.5-M1 are vulnerable to a java deserialization attack in its Remoting component resulting in remote code execution in the context of the ActorSystem." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Insecure deserialization of user data" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-05-06T20:43:28.282967", + "ID": "CVE-2017-1000034", + "REQUESTER": "adrianbn@gmail.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://doc.akka.io/docs/akka/2.4/security/2017-02-10-java-serialization.html", - "refsource" : "CONFIRM", - "url" : "http://doc.akka.io/docs/akka/2.4/security/2017-02-10-java-serialization.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Akka versions <=2.4.16 and 2.5-M1 are vulnerable to a java deserialization attack in its Remoting component resulting 
in remote code execution in the context of the ActorSystem." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://doc.akka.io/docs/akka/2.4/security/2017-02-10-java-serialization.html", + "refsource": "CONFIRM", + "url": "http://doc.akka.io/docs/akka/2.4/security/2017-02-10-java-serialization.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18322.json b/2017/18xxx/CVE-2017-18322.json index 47910213e08..c7298e55726 100644 --- a/2017/18xxx/CVE-2017-18322.json +++ b/2017/18xxx/CVE-2017-18322.json 
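Review bot: The new `affects` block replaces the product, vendor and version values with `n/a`, and `problemtype` loses `Insecure deserialization of user data`, although the description still names Akka <=2.4.16 and 2.5-M1. Consumers that match records on the structured fields rather than the free text (asset inventory matching, vulnerability scanners) would presumably no longer tie this entry to Akka. Unless the reset is intentional, keep `"product_name": "Akka"`, `"vendor_name": "Akka"`, the original `version_value` and the original problemtype string. The same hunk also moves `ASSIGNER` from the distributedweaknessfiling.org address to `cve@mitre.org`, which is worth confirming as intended.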
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "ID" : "CVE-2017-18322", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Mobile, Snapdragon Wear", - "version" : { - "version_data" : [ - { - "version_value" : "MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 835, Snapdragon_High_Med_2016" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cryptographic key material leaked in WCDMA debug messages in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 835, Snapdragon_High_Med_2016." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Exposure in WCDMA" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2017-18322", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Mobile, Snapdragon Wear", + "version": { + "version_data": [ + { + "version_value": "MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 835, Snapdragon_High_Med_2016" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.qualcomm.com/company/product-security/bulletins", - "refsource" : "CONFIRM", - "url" : "https://www.qualcomm.com/company/product-security/bulletins" - }, - { - "name" : "106128", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106128" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cryptographic key material leaked in WCDMA debug messages in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 835, Snapdragon_High_Med_2016." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Exposure in WCDMA" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qualcomm.com/company/product-security/bulletins", + "refsource": "CONFIRM", + "url": "https://www.qualcomm.com/company/product-security/bulletins" + }, + { + "name": "106128", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106128" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18330.json b/2017/18xxx/CVE-2017-18330.json index 16c2924f6cd..15a7c9cff7c 100644 --- a/2017/18xxx/CVE-2017-18330.json +++ b/2017/18xxx/CVE-2017-18330.json 
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "product-security@qualcomm.com",
- "ID" : "CVE-2017-18330",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear",
- "version" : {
- "version_data" : [
- {
- "version_value" : "IPQ8074, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SDA660, SDM439, SDM630, SDM660, SDX24, Snapdragon_High_Med_2016"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Qualcomm, Inc."
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Buffer overflow in AES-CCM and AES-GCM encryption via initialization vector in snapdragon automobile, snapdragon mobile and snapdragon wear in versions IPQ8074, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SDA660, SDM439, SDM630, SDM660, SDX24, Snapdragon_High_Med_2016."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Buffer Copy Without Checking Size of Input in Crypto"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "product-security@qualcomm.com",
+ "ID": "CVE-2017-18330",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "IPQ8074, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SDA660, SDM439, SDM630, SDM660, SDX24, Snapdragon_High_Med_2016"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Qualcomm, Inc."
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://www.qualcomm.com/company/product-security/bulletins",
- "refsource" : "CONFIRM",
- "url" : "https://www.qualcomm.com/company/product-security/bulletins"
- },
- {
- "name" : "106128",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/106128"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Buffer overflow in AES-CCM and AES-GCM encryption via initialization vector in snapdragon automobile, snapdragon mobile and snapdragon wear in versions IPQ8074, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SDA660, SDM439, SDM630, SDM660, SDX24, Snapdragon_High_Med_2016."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Buffer Copy Without Checking Size of Input in Crypto"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://www.qualcomm.com/company/product-security/bulletins",
+ "refsource": "CONFIRM",
+ "url": "https://www.qualcomm.com/company/product-security/bulletins"
+ },
+ {
+ "name": "106128",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/106128"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/1xxx/CVE-2017-1003.json b/2017/1xxx/CVE-2017-1003.json
index c8a75c6e266..8e5cd221282 100644
--- a/2017/1xxx/CVE-2017-1003.json
+++ b/2017/1xxx/CVE-2017-1003.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-1003",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-1003",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/1xxx/CVE-2017-1032.json b/2017/1xxx/CVE-2017-1032.json
index b8b28c67eaf..086a302cb51 100644
--- a/2017/1xxx/CVE-2017-1032.json
+++ b/2017/1xxx/CVE-2017-1032.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-1032",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-1032",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/1xxx/CVE-2017-1180.json b/2017/1xxx/CVE-2017-1180.json
index 0d2ff93642b..853db314146 100644
--- a/2017/1xxx/CVE-2017-1180.json
+++ b/2017/1xxx/CVE-2017-1180.json
@@ -1,91 +1,91 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "psirt@us.ibm.com",
- "ID" : "CVE-2017-1180",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "TRIRIGA Application Platform",
- "version" : {
- "version_data" : [
- {
- "version_value" : "3.3"
- },
- {
- "version_value" : "3.3.1"
- },
- {
- "version_value" : "3.3.2"
- },
- {
- "version_value" : "3.4"
- },
- {
- "version_value" : "3.4.1"
- },
- {
- "version_value" : "3.4.2"
- },
- {
- "version_value" : "3.5"
- },
- {
- "version_value" : "3.5.1"
- },
- {
- "version_value" : "3.5.2"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "IBM Corporation"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The IBM TRIRIGA Document Manager contains a vulnerability that could allow an authenticated user to execute actions they did not have access to. IBM Reference #: 2001084."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Gain Privileges"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "psirt@us.ibm.com",
+ "ID": "CVE-2017-1180",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "TRIRIGA Application Platform",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "3.3"
+ },
+ {
+ "version_value": "3.3.1"
+ },
+ {
+ "version_value": "3.3.2"
+ },
+ {
+ "version_value": "3.4"
+ },
+ {
+ "version_value": "3.4.1"
+ },
+ {
+ "version_value": "3.4.2"
+ },
+ {
+ "version_value": "3.5"
+ },
+ {
+ "version_value": "3.5.1"
+ },
+ {
+ "version_value": "3.5.2"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "IBM Corporation"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.ibm.com/support/docview.wss?uid=swg22001084",
- "refsource" : "CONFIRM",
- "url" : "http://www.ibm.com/support/docview.wss?uid=swg22001084"
- },
- {
- "name" : "97273",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/97273"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The IBM TRIRIGA Document Manager contains a vulnerability that could allow an authenticated user to execute actions they did not have access to. IBM Reference #: 2001084."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Gain Privileges"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "97273",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/97273"
+ },
+ {
+ "name": "http://www.ibm.com/support/docview.wss?uid=swg22001084",
+ "refsource": "CONFIRM",
+ "url": "http://www.ibm.com/support/docview.wss?uid=swg22001084"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/1xxx/CVE-2017-1485.json b/2017/1xxx/CVE-2017-1485.json
index 1599d76e633..36963f7f605 100644
--- a/2017/1xxx/CVE-2017-1485.json
+++ b/2017/1xxx/CVE-2017-1485.json
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2017-08-25T00:00:00", - "ID" : "CVE-2017-1485", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cognos Analytics", - "version" : { - "version_data" : [ - { - "version_value" : "11.0" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128623." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2017-08-25T00:00:00", + "ID": "CVE-2017-1485", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cognos Analytics", + "version": { + "version_data": [ + { + "version_value": "11.0" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/128623", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/128623" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22007242", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22007242" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Cognos 
Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128623." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22007242", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22007242" + }, + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128623", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128623" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1624.json b/2017/1xxx/CVE-2017-1624.json index f183ab4ce3d..db1d6927bb8 100644 --- a/2017/1xxx/CVE-2017-1624.json +++ b/2017/1xxx/CVE-2017-1624.json 
@@ -1,86 +1,86 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-04-02T00:00:00", - "ID" : "CVE-2017-1624", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Security QRadar SIEM", - "version" : { - "version_data" : [ - { - "version_value" : "7.3" - }, - { - "version_value" : "7.3.1" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM QRadar 7.3 and 7.3.1 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 133122." - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "N", - "AC" : "H", - "AV" : "N", - "C" : "L", - "I" : "L", - "PR" : "L", - "S" : "U", - "SCORE" : "4.200", - "UI" : "N" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Gain Access" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-04-02T00:00:00", + "ID": "CVE-2017-1624", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Security QRadar SIEM", + "version": { + "version_data": [ + { + "version_value": "7.3" + }, + { + "version_value": "7.3.1" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/133122", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/133122" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22015236", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22015236" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM QRadar 7.3 and 7.3.1 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 133122." + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "N", + "AC": "H", + "AV": "N", + "C": "L", + "I": "L", + "PR": "L", + "S": "U", + "SCORE": "4.200", + "UI": "N" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Gain Access" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/133122", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/133122" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22015236", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22015236" + } + ] + } +} \ No newline at end of file diff --git a/2017/4xxx/CVE-2017-4427.json b/2017/4xxx/CVE-2017-4427.json index ed71c83f707..3098815ba26 100644 --- a/2017/4xxx/CVE-2017-4427.json +++ b/2017/4xxx/CVE-2017-4427.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-4427",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2017-4427",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/4xxx/CVE-2017-4934.json b/2017/4xxx/CVE-2017-4934.json
index a19e70732f1..0e134f2a700 100644
--- a/2017/4xxx/CVE-2017-4934.json
+++ b/2017/4xxx/CVE-2017-4934.json
@@ -1,83 +1,83 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@vmware.com", - "DATE_PUBLIC" : "2017-11-16T00:00:00", - "ID" : "CVE-2017-4934", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Workstation", - "version" : { - "version_data" : [ - { - "version_value" : "12.x before 12.5.8" - } - ] - } - }, - { - "product_name" : "Fusion", - "version" : { - "version_data" : [ - { - "version_value" : "8.x before 8.5.9" - } - ] - } - } - ] - }, - "vendor_name" : "VMware" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) contain a heap buffer-overflow vulnerability in VMNAT device. This issue may allow a guest to execute code on the host." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Heap buffer-overflow vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "security@vmware.com", + "DATE_PUBLIC": "2017-11-16T00:00:00", + "ID": "CVE-2017-4934", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Workstation", + "version": { + "version_data": [ + { + "version_value": "12.x before 12.5.8" + } + ] + } + }, + { + "product_name": "Fusion", + "version": { + "version_data": [ + { + "version_value": "8.x before 8.5.9" + } + ] + } + } + ] + }, + "vendor_name": "VMware" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.vmware.com/security/advisories/VMSA-2017-0018.html", - "refsource" : "CONFIRM", - "url" : "https://www.vmware.com/security/advisories/VMSA-2017-0018.html" - }, - { - "name" : "101903", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101903" - }, - { - "name" : "1039835", - 
"refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039835" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) contain a heap buffer-overflow vulnerability in VMNAT device. This issue may allow a guest to execute code on the host." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Heap buffer-overflow vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.vmware.com/security/advisories/VMSA-2017-0018.html", + "refsource": "CONFIRM", + "url": "https://www.vmware.com/security/advisories/VMSA-2017-0018.html" + }, + { + "name": "101903", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101903" + }, + { + "name": "1039835", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039835" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5063.json b/2017/5xxx/CVE-2017-5063.json index 276e8560007..c7cc71a34ec 100644 --- a/2017/5xxx/CVE-2017-5063.json +++ b/2017/5xxx/CVE-2017-5063.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-5063", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Google Chrome prior to 58.0.3029.81 for Linux, Windows and Mac, and 58.0.3029.83 for Android", - "version" : { - "version_data" : [ - { - "version_value" : "Google Chrome prior to 58.0.3029.81 for Linux, Windows and Mac, and 58.0.3029.83 for Android" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A numeric overflow in Skia in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac, and 58.0.3029.83 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Out-of-bounds Read" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2017-5063", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Google Chrome prior to 58.0.3029.81 for Linux, Windows and Mac, and 58.0.3029.83 for Android", + "version": { + "version_data": [ + { + "version_value": "Google Chrome prior to 58.0.3029.81 for Linux, Windows and Mac, and 58.0.3029.83 for Android" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html", - "refsource" : "MISC", - "url" : "https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html" - }, - { - "name" : "https://crbug.com/700836", - "refsource" : "MISC", - "url" : "https://crbug.com/700836" - }, - { - 
"name" : "GLSA-201705-02", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201705-02" - }, - { - "name" : "RHSA-2017:1124", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1124" - }, - { - "name" : "97939", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97939" - }, - { - "name" : "1038317", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038317" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A numeric overflow in Skia in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac, and 58.0.3029.83 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds Read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2017:1124", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1124" + }, + { + "name": "GLSA-201705-02", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201705-02" + }, + { + "name": "1038317", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038317" + }, + { + "name": "https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html", + "refsource": "MISC", + "url": "https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html" + }, + { + "name": "97939", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97939" + }, + { + "name": "https://crbug.com/700836", + "refsource": "MISC", + "url": "https://crbug.com/700836" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5287.json b/2017/5xxx/CVE-2017-5287.json index 46dcdbc7b82..b04b3d5a24d 100644 --- a/2017/5xxx/CVE-2017-5287.json 
+++ b/2017/5xxx/CVE-2017-5287.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-5287",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-5287",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/5xxx/CVE-2017-5620.json b/2017/5xxx/CVE-2017-5620.json
index f180305e2eb..aeb3d518855 100644
--- a/2017/5xxx/CVE-2017-5620.json
+++ b/2017/5xxx/CVE-2017-5620.json
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-5620",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "An XSS issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. Attachments are opened in a new tab instead of getting downloaded. This creates an attack vector of executing code in the domain of the application."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-5620",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://zammad.com/de/news/security-advisory-zaa-2017-01",
- "refsource" : "CONFIRM",
- "url" : "https://zammad.com/de/news/security-advisory-zaa-2017-01"
- },
- {
- "name" : "96937",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/96937"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An XSS issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. Attachments are opened in a new tab instead of getting downloaded. This creates an attack vector of executing code in the domain of the application."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "96937",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/96937"
+ },
+ {
+ "name": "https://zammad.com/de/news/security-advisory-zaa-2017-01",
+ "refsource": "CONFIRM",
+ "url": "https://zammad.com/de/news/security-advisory-zaa-2017-01"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/5xxx/CVE-2017-5967.json b/2017/5xxx/CVE-2017-5967.json
index 0278b51b072..8ce057cec79 100644
--- a/2017/5xxx/CVE-2017-5967.json
+++ b/2017/5xxx/CVE-2017-5967.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5967", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The time subsystem in the Linux kernel through 4.9.9, when CONFIG_TIMER_STATS is enabled, allows local users to discover real PID values (as distinguished from PID values inside a PID namespace) by reading the /proc/timer_list file, related to the print_timer function in kernel/time/timer_list.c and the __timer_stats_timer_set_start_info function in kernel/time/timer.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5967", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.kernel.org/show_bug.cgi?id=193921", - "refsource" : "MISC", - "url" : "https://bugzilla.kernel.org/show_bug.cgi?id=193921" - }, - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/tip/tip.git/commit/?id=dfb4357da6ddbdf57d583ba64361c9d792b0e0b1", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/tip/tip.git/commit/?id=dfb4357da6ddbdf57d583ba64361c9d792b0e0b1" - }, - { - "name" : "96271", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96271" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The time subsystem in the Linux kernel through 4.9.9, when CONFIG_TIMER_STATS is enabled, allows local users to discover real PID values (as distinguished from PID values inside a PID namespace) by reading the /proc/timer_list file, related to the print_timer function in kernel/time/timer_list.c and the __timer_stats_timer_set_start_info function in kernel/time/timer.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/tip/tip.git/commit/?id=dfb4357da6ddbdf57d583ba64361c9d792b0e0b1", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/cgit/linux/kernel/git/tip/tip.git/commit/?id=dfb4357da6ddbdf57d583ba64361c9d792b0e0b1" + }, + { + "name": "96271", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96271" + }, + { + "name": "https://bugzilla.kernel.org/show_bug.cgi?id=193921", + "refsource": "MISC", + "url": "https://bugzilla.kernel.org/show_bug.cgi?id=193921" + } + ] + } +} \ No newline at end of file