From d6022390be41ec208d451b81d017d6bf1d10cd7e Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Mon, 18 Mar 2019 02:21:09 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2006/0xxx/CVE-2006-0188.json | 310 ++++++++++++++-----------------
2006/0xxx/CVE-2006-0993.json | 210 +++++++++++-----------
2006/3xxx/CVE-2006-3095.json | 180 +++++++++----------
2006/3xxx/CVE-2006-3123.json | 190 ++++++++++----------
2006/3xxx/CVE-2006-3994.json | 160 ++++++++---------
2006/4xxx/CVE-2006-4398.json | 200 ++++++++++-----------
2006/4xxx/CVE-2006-4856.json | 190 ++++++++++----------
2006/4xxx/CVE-2006-4981.json | 130 +++++++-------
2006/6xxx/CVE-2006-6073.json | 140 +++++++--------
2006/6xxx/CVE-2006-6632.json | 140 +++++++--------
2006/6xxx/CVE-2006-6701.json | 210 +++++++++++-----------
2006/7xxx/CVE-2006-7250.json | 270 ++++++++++++++--------------
2010/2xxx/CVE-2010-2247.json | 34 ++--
2010/2xxx/CVE-2010-2556.json | 140 +++++++--------
2010/2xxx/CVE-2010-2719.json | 170 +++++++++---------
2010/2xxx/CVE-2010-2837.json | 130 +++++++-------
2011/0xxx/CVE-2011-0225.json | 170 +++++++++---------
2011/0xxx/CVE-2011-0724.json | 150 ++++++++--------
2011/1xxx/CVE-2011-1133.json | 34 ++--
2011/1xxx/CVE-2011-1701.json | 190 ++++++++++----------
2011/4xxx/CVE-2011-4216.json | 130 +++++++-------
2011/4xxx/CVE-2011-4718.json | 150 ++++++++--------
2011/5xxx/CVE-2011-5313.json | 120 ++++++-------
2014/3xxx/CVE-2014-3335.json | 170 +++++++++---------
2014/3xxx/CVE-2014-3590.json | 34 ++--
2014/3xxx/CVE-2014-3921.json | 130 +++++++-------
2014/3xxx/CVE-2014-3935.json | 130 +++++++-------
2014/6xxx/CVE-2014-6067.json | 34 ++--
2014/6xxx/CVE-2014-6429.json | 250 +++++++++++++-------------
2014/6xxx/CVE-2014-6695.json | 140 +++++++--------
2014/6xxx/CVE-2014-6828.json | 140 +++++++--------
2014/7xxx/CVE-2014-7068.json | 140 +++++++--------
2014/7xxx/CVE-2014-7120.json | 140 +++++++--------
2014/7xxx/CVE-2014-7147.json | 34 ++--
2014/7xxx/CVE-2014-7296.json | 130 +++++++-------
2014/7xxx/CVE-2014-7355.json | 34 ++--
2014/8xxx/CVE-2014-8018.json | 140 +++++++--------
2014/8xxx/CVE-2014-8589.json | 160 ++++++++---------
2016/2xxx/CVE-2016-2449.json | 130 +++++++-------
2016/2xxx/CVE-2016-2637.json | 34 ++--
2016/2xxx/CVE-2016-2670.json | 34 ++--
2016/2xxx/CVE-2016-2747.json | 34 ++--
2017/18xxx/CVE-2017-18295.json | 140 +++++++--------
2017/1xxx/CVE-2017-1404.json | 34 ++--
2017/1xxx/CVE-2017-1411.json | 208 +++++++++++-----------
2017/1xxx/CVE-2017-1587.json | 34 ++--
2017/1xxx/CVE-2017-1608.json | 288 +++++++++++++++---------------
2017/1xxx/CVE-2017-1816.json | 34 ++--
2017/1xxx/CVE-2017-1966.json | 34 ++--
2017/5xxx/CVE-2017-5003.json | 140 +++++++--------
2017/5xxx/CVE-2017-5714.json | 34 ++--
2017/5xxx/CVE-2017-5953.json | 160 ++++++++---------
52 files changed, 3446 insertions(+), 3446 deletions(-)
diff --git a/2006/0xxx/CVE-2006-0188.json b/2006/0xxx/CVE-2006-0188.json
index f58bb1a440b..78ac105c001 100644
--- a/2006/0xxx/CVE-2006-0188.json
+++ b/2006/0xxx/CVE-2006-0188.json
@@ -1,157 +1,157 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0188", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "webmail.php in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary web pages into the right frame via a URL in the right_frame parameter. NOTE: this has been called a cross-site scripting (XSS) issue, but it is different than what is normally identified as XSS." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0188", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.squirrelmail.org/security/issue/2006-02-01", - "refsource" : "CONFIRM", - "url" : "http://www.squirrelmail.org/security/issue/2006-02-01" - }, - { - "name" : "DSA-988", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-988" - }, - { - "name" : "FEDORA-2006-133", - "refsource" : "FEDORA", - "url" : "http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00004.html" - }, - { - "name" : "GLSA-200603-09", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200603-09.xml" - }, - { - "name" : "MDKSA-2006:049", - "refsource" : "MANDRIVA", - "url" : 
"http://www.mandriva.com/security/advisories?name=MDKSA-2006:049" - }, - { - "name" : "RHSA-2006:0283", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0283.html" - }, - { - "name" : "20060501-01-U", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc" - }, - { - "name" : "SUSE-SR:2006:005", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_05_sr.html" - }, - { - "name" : "16756", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/16756" - }, - { - "name" : "oval:org.mitre.oval:def:10419", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10419" - }, - { - "name" : "ADV-2006-0689", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0689" - }, - { - "name" : "1015662", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015662" - }, - { - "name" : "18985", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18985" - }, - { - "name" : "19131", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19131" - }, - { - "name" : "19130", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19130" - }, - { - "name" : "19176", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19176" - }, - { - "name" : "19205", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19205" - }, - { - "name" : "19960", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19960" - }, - { - "name" : "20210", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20210" - }, - { - "name" : "squirrelmail-webmail-xss(24847)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24847" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "webmail.php in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary web pages into the right frame via a URL in the right_frame parameter. NOTE: this has been called a cross-site scripting (XSS) issue, but it is different than what is normally identified as XSS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDKSA-2006:049", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:049" + }, + { + "name": "RHSA-2006:0283", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0283.html" + }, + { + "name": "19176", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19176" + }, + { + "name": "squirrelmail-webmail-xss(24847)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24847" + }, + { + "name": "FEDORA-2006-133", + "refsource": "FEDORA", + "url": "http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00004.html" + }, + { + "name": "SUSE-SR:2006:005", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_05_sr.html" + }, + { + "name": "20210", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20210" + }, + { + "name": "oval:org.mitre.oval:def:10419", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10419" + }, + { + "name": "ADV-2006-0689", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0689" + }, + { + "name": "18985", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18985" + }, + { + "name": "19205", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19205" + }, + { + "name": "http://www.squirrelmail.org/security/issue/2006-02-01", + 
"refsource": "CONFIRM", + "url": "http://www.squirrelmail.org/security/issue/2006-02-01" + }, + { + "name": "19960", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19960" + }, + { + "name": "16756", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/16756" + }, + { + "name": "19130", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19130" + }, + { + "name": "20060501-01-U", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc" + }, + { + "name": "DSA-988", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-988" + }, + { + "name": "19131", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19131" + }, + { + "name": "GLSA-200603-09", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200603-09.xml" + }, + { + "name": "1015662", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015662" + } + ] + } +} \ No newline at end of file diff --git a/2006/0xxx/CVE-2006-0993.json b/2006/0xxx/CVE-2006-0993.json index 0c0af873357..7d1c3df25a1 100644 --- a/2006/0xxx/CVE-2006-0993.json +++ b/2006/0xxx/CVE-2006-0993.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-0993", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The web management interface in 3Com TippingPoint SMS Server before 2.2.1.4478 does not restrict access to certain directories, which might allow remote attackers to obtain potentially sensitive information such as configuration settings." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-0993", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060509 ZDI-06-013: 3Com TippingPoint SMS Server Information Disclosure Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/433432/100/0/threaded" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-06-013.html", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-06-013.html" - }, - { - "name" : "http://www.3com.com/securityalert/alerts/3COM-06-002.html", - "refsource" : "CONFIRM", - "url" : "http://www.3com.com/securityalert/alerts/3COM-06-002.html" - }, - { - "name" : "17935", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17935" - }, - { - "name" : "ADV-2006-1752", - 
"refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1752" - }, - { - "name" : "25360", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/25360" - }, - { - "name" : "1016051", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016051" - }, - { - "name" : "20058", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20058" - }, - { - "name" : "870", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/870" - }, - { - "name" : "tippingpoint-sms-information-disclosure(26338)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26338" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The web management interface in 3Com TippingPoint SMS Server before 2.2.1.4478 does not restrict access to certain directories, which might allow remote attackers to obtain potentially sensitive information such as configuration settings." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060509 ZDI-06-013: 3Com TippingPoint SMS Server Information Disclosure Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/433432/100/0/threaded" + }, + { + "name": "17935", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17935" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-06-013.html", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-013.html" + }, + { + "name": "20058", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20058" + }, + { + "name": "tippingpoint-sms-information-disclosure(26338)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26338" + }, + { + "name": "http://www.3com.com/securityalert/alerts/3COM-06-002.html", + "refsource": "CONFIRM", + "url": "http://www.3com.com/securityalert/alerts/3COM-06-002.html" + }, + { + "name": "1016051", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016051" + }, + { + "name": "870", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/870" + }, + { + "name": "25360", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/25360" + }, + { + "name": "ADV-2006-1752", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1752" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3095.json b/2006/3xxx/CVE-2006-3095.json index e7b88d34240..238d0e58f0c 100644 --- a/2006/3xxx/CVE-2006-3095.json +++ b/2006/3xxx/CVE-2006-3095.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3095", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in iPostMX 2005 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the RETURNURL parameter in (1) userlogin.cfm and (2) account.cfm." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3095", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://pridels0.blogspot.com/2006/06/ipostmx-2005-vuln.html", - "refsource" : "MISC", - "url" : "http://pridels0.blogspot.com/2006/06/ipostmx-2005-vuln.html" - }, - { - "name" : "18460", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18460" - }, - { - "name" : "ADV-2006-2382", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2382" - }, - { - "name" : "26522", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26522" - }, - { - "name" : "26523", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26523" - }, - { - "name" : "20697", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20697" - }, - { - "name" : 
"ipostmx-returnurl-xss(27140)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27140" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in iPostMX 2005 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the RETURNURL parameter in (1) userlogin.cfm and (2) account.cfm." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "26523", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26523" + }, + { + "name": "http://pridels0.blogspot.com/2006/06/ipostmx-2005-vuln.html", + "refsource": "MISC", + "url": "http://pridels0.blogspot.com/2006/06/ipostmx-2005-vuln.html" + }, + { + "name": "20697", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20697" + }, + { + "name": "ADV-2006-2382", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2382" + }, + { + "name": "18460", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18460" + }, + { + "name": "26522", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26522" + }, + { + "name": "ipostmx-returnurl-xss(27140)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27140" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3123.json b/2006/3xxx/CVE-2006-3123.json index d651e504448..ebd0fb681a6 100644 --- a/2006/3xxx/CVE-2006-3123.json +++ b/2006/3xxx/CVE-2006-3123.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3123", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple integer overflows in the (1) dodecrypt and (2) doencrypt functions in cfs_fh.c in cfsd in Matt Blaze Cryptographic File System (CFS) 1.4.1 before Debian GNU/Linux package 1.4.1-17 allow local users to cause a denial of service (daemon crash) by appending data to a file that is larger than 2 Gb." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2006-3123", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=371076", - "refsource" : "MISC", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=371076" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=371076", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=371076" - }, - { - "name" : "DSA-1138", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1138" - }, - { - "name" : "19320", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19320" - }, - { - "name" : "ADV-2006-3157", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2006/3157" - }, - { - "name" : "21310", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21310" - }, - { - "name" : "21341", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21341" - }, - { - "name" : "cfs-dodecrypt-dodencrypt-dos(28288)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28288" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple integer overflows in the (1) dodecrypt and (2) doencrypt functions in cfs_fh.c in cfsd in Matt Blaze Cryptographic File System (CFS) 1.4.1 before Debian GNU/Linux package 1.4.1-17 allow local users to cause a denial of service (daemon crash) by appending data to a file that is larger than 2 Gb." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-1138", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1138" + }, + { + "name": "21341", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21341" + }, + { + "name": "ADV-2006-3157", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3157" + }, + { + "name": "19320", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19320" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=371076", + "refsource": "MISC", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=371076" + }, + { + "name": "21310", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21310" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=371076", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=371076" + }, + { + "name": "cfs-dodecrypt-dodencrypt-dos(28288)", + 
"refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28288" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3994.json b/2006/3xxx/CVE-2006-3994.json index 87c0e8ccf2d..2799657a277 100644 --- a/2006/3xxx/CVE-2006-3994.json +++ b/2006/3xxx/CVE-2006-3994.json 
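Review bot: The `ASSIGNER` of CVE-2006-3123 changes from `cve@mitre.org` to `security@debian.org` in this hunk, a substantive attribution change buried in what is otherwise a whitespace and reference-ordering rewrite, and the commit subject does not mention it. Tooling that keys on `ASSIGNER` for CNA attribution will see this record move, so the change deserves its own line in the commit message or a separate commit. The new reference list also still carries `http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=371076` twice, once as `MISC` and once as `CONFIRM`; keeping only the `CONFIRM` entry would stop consumers that count or deduplicate on `url` from treating it as two sources. The new side of this file, like the other files on this page, ends with `\ No newline at end of file`, so the generator should emit a trailing newline.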
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3994", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the u2u_send_recp function in u2u.inc.php in XMB (aka extreme message board) 1.9.6 Alpha and earlier allows remote attackers to execute arbitrary SQL commands via the u2uid parameter to u2u.php, which is directly accessed from $_POST and bypasses the protection scheme." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3994", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2105", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2105" - }, - { - "name" : "19280", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19280" - }, - { - "name" : "ADV-2006-3088", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3088" - }, - { - "name" : "21293", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21293" - }, - { - "name" : "xmb-u2uincphp-sql-injection(28159)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28159" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the u2u_send_recp function in u2u.inc.php in XMB (aka extreme message board) 1.9.6 Alpha and earlier allows remote attackers to execute arbitrary SQL commands via the u2uid parameter to u2u.php, which is directly accessed from $_POST and bypasses the protection scheme." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21293", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21293" + }, + { + "name": "19280", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19280" + }, + { + "name": "xmb-u2uincphp-sql-injection(28159)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28159" + }, + { + "name": "2105", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2105" + }, + { + "name": "ADV-2006-3088", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3088" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4398.json b/2006/4xxx/CVE-2006-4398.json index 549f8b7da93..ea24cf078d9 100644 --- a/2006/4xxx/CVE-2006-4398.json +++ b/2006/4xxx/CVE-2006-4398.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4398", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in the Apple Type Services (ATS) server in Mac OS X 10.4 through 10.4.8 allow local users to execute arbitrary code via crafted service requests." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4398", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://docs.info.apple.com/article.html?artnum=304829", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=304829" - }, - { - "name" : "APPLE-SA-2006-11-28", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html" - }, - { - "name" : "TA06-333A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-333A.html" - }, - { - "name" : "VU#800296", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/800296" - }, - { - "name" : "21335", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21335" - }, - { - "name" : "ADV-2006-4750", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2006/4750" - }, - { - "name" : "30738", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/30738" - }, - { - "name" : "1017301", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017301" - }, - { - "name" : "23155", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23155" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in the Apple Type Services (ATS) server in Mac OS X 10.4 through 10.4.8 allow local users to execute arbitrary code via crafted service requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-4750", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4750" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=304829", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=304829" + }, + { + "name": "21335", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21335" + }, + { + "name": "23155", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23155" + }, + { + "name": "30738", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/30738" + }, + { + "name": "APPLE-SA-2006-11-28", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html" + }, + { + "name": "TA06-333A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html" + }, + { + "name": "VU#800296", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/800296" + }, + { + "name": "1017301", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017301" + } + ] + } +} \ No newline at end of file 
diff --git a/2006/4xxx/CVE-2006-4856.json b/2006/4xxx/CVE-2006-4856.json index 3eeb56e7972..bc7fc22e0a1 100644 --- a/2006/4xxx/CVE-2006-4856.json +++ b/2006/4xxx/CVE-2006-4856.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4856", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Roller WebLogger 2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) email, or (3) url parameters; (4) certain content parameters in the preview method; or (5) the q parameter in (a) sitesearch.do." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4856", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060915 Roller Weblogger XSS vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/446133/100/0/threaded" - }, - { - "name" : "http://opensource.atlassian.com/projects/roller/browse/ROL-1196", - "refsource" : "MISC", - "url" : "http://opensource.atlassian.com/projects/roller/browse/ROL-1196" - }, - { - "name" : "http://people.apache.org/~snoopdave/roller-2.3.1-rc1/apache-roller-src-2.3.1-rc1-incubating.tar.gz", - "refsource" : "MISC", - "url" : "http://people.apache.org/~snoopdave/roller-2.3.1-rc1/apache-roller-src-2.3.1-rc1-incubating.tar.gz" - }, - { - "name" : "VU#366900", - "refsource" : 
"CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/366900" - }, - { - "name" : "20045", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20045" - }, - { - "name" : "ADV-2006-3667", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3667" - }, - { - "name" : "21964", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21964" - }, - { - "name" : "1597", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1597" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Roller WebLogger 2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) email, or (3) url parameters; (4) certain content parameters in the preview method; or (5) the q parameter in (a) sitesearch.do." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060915 Roller Weblogger XSS vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/446133/100/0/threaded" + }, + { + "name": "ADV-2006-3667", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3667" + }, + { + "name": "20045", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20045" + }, + { + "name": "1597", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1597" + }, + { + "name": "21964", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21964" + }, + { + "name": "VU#366900", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/366900" + }, + { + "name": "http://opensource.atlassian.com/projects/roller/browse/ROL-1196", + "refsource": "MISC", + "url": 
"http://opensource.atlassian.com/projects/roller/browse/ROL-1196" + }, + { + "name": "http://people.apache.org/~snoopdave/roller-2.3.1-rc1/apache-roller-src-2.3.1-rc1-incubating.tar.gz", + "refsource": "MISC", + "url": "http://people.apache.org/~snoopdave/roller-2.3.1-rc1/apache-roller-src-2.3.1-rc1-incubating.tar.gz" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4981.json b/2006/4xxx/CVE-2006-4981.json index 68b188f751b..b9e730300b9 100644 --- a/2006/4xxx/CVE-2006-4981.json +++ b/2006/4xxx/CVE-2006-4981.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4981", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Symantec Sygate NAC allows physically proximate attackers to bypass control methods and join a local network by selecting a forged MAC address associated with an exception rule that (1) permits all non-Windows devices or (2) whitelists certain sets of Organizationally Unique Identifiers (OUIs)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4981", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060919 White paper release: Bypassing network access control (NAC) systems", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/446421/100/0/threaded" - }, - { - "name" : "http://www.insightix.com/files/pdf/Bypassing_NAC_Solutions_Whitepaper.pdf", - "refsource" : "MISC", - "url" : "http://www.insightix.com/files/pdf/Bypassing_NAC_Solutions_Whitepaper.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Symantec Sygate NAC allows physically proximate attackers to bypass 
control methods and join a local network by selecting a forged MAC address associated with an exception rule that (1) permits all non-Windows devices or (2) whitelists certain sets of Organizationally Unique Identifiers (OUIs)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20060919 White paper release: Bypassing network access control (NAC) systems", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/446421/100/0/threaded" + }, + { + "name": "http://www.insightix.com/files/pdf/Bypassing_NAC_Solutions_Whitepaper.pdf", + "refsource": "MISC", + "url": "http://www.insightix.com/files/pdf/Bypassing_NAC_Solutions_Whitepaper.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6073.json b/2006/6xxx/CVE-2006-6073.json index 485e6c3abff..601284017e0 100644 --- a/2006/6xxx/CVE-2006-6073.json +++ b/2006/6xxx/CVE-2006-6073.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6073", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Enthrallweb eShopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) ProductID parameter in productdetail.asp or the (2) categoryid parameter in products.asp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6073", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20061113 ECommerce Store Shop Builder", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=116353137028066&w=2" - }, - { - "name" : "http://aria-security.net/advisory/eShopping.txt", - "refsource" : "MISC", - "url" : "http://aria-security.net/advisory/eShopping.txt" - }, - { - "name" : "eshoppingcart-product-sql-injection(30262)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30262" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Enthrallweb eShopping Cart allow remote 
attackers to execute arbitrary SQL commands via the (1) ProductID parameter in productdetail.asp or the (2) categoryid parameter in products.asp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20061113 ECommerce Store Shop Builder", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=116353137028066&w=2" + }, + { + "name": "eshoppingcart-product-sql-injection(30262)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30262" + }, + { + "name": "http://aria-security.net/advisory/eShopping.txt", + "refsource": "MISC", + "url": "http://aria-security.net/advisory/eShopping.txt" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6632.json b/2006/6xxx/CVE-2006-6632.json index 25e22f6810f..7993c106c22 100644 --- a/2006/6xxx/CVE-2006-6632.json +++ b/2006/6xxx/CVE-2006-6632.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6632", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in genepi.php in Genepi 1.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the topdir parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6632", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "2539", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/2539" - }, - { - "name" : "20510", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20510" - }, - { - "name" : "genepi-genepi-file-include(29518)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29518" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in genepi.php in Genepi 1.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the topdir parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20510", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20510" + }, + { + "name": "genepi-genepi-file-include(29518)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29518" + }, + { + "name": "2539", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/2539" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6701.json b/2006/6xxx/CVE-2006-6701.json index 242244ebb45..910e22555fa 100644 --- a/2006/6xxx/CVE-2006-6701.json +++ b/2006/6xxx/CVE-2006-6701.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6701", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in util.pl in @Mail WebMail 4.51, and util.php in 5.x before 5.03, allows remote attackers to modify arbitrary settings and perform unauthorized actions as an arbitrary user, as demonstrated using a settings action in the SRC attribute of an IMG element in an HTML e-mail." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6701", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070125 [NETRAGARD-20061218 SECURITY ADVISORY] [@Mail WebMail Cross Site Request Forgery]", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/458109/100/100/threaded" - }, - { - "name" : "20070125 [NETRAGARD-20061218 SECURITY ADVISORY] [@Mail WebMail Cross Site Request Forgery]", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0512.html" - }, - { - "name" : "http://www.netragard.com/html/recent_research.html", - "refsource" : "MISC", - "url" : "http://www.netragard.com/html/recent_research.html" - }, - { - "name" : 
"http://www.netragard.com/pdfs/research/ATMAIL-XSRF-ADVISORY-20061206.txt", - "refsource" : "MISC", - "url" : "http://www.netragard.com/pdfs/research/ATMAIL-XSRF-ADVISORY-20061206.txt" - }, - { - "name" : "http://terra.calacode.com/mail/docs/changelog.html", - "refsource" : "CONFIRM", - "url" : "http://terra.calacode.com/mail/docs/changelog.html" - }, - { - "name" : "ADV-2007-1864", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/1864" - }, - { - "name" : "1017435", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017435" - }, - { - "name" : "23472", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23472" - }, - { - "name" : "25328", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25328" - }, - { - "name" : "@mail-unspecified-csrf(31259)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/31259" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in util.pl in @Mail WebMail 4.51, and util.php in 5.x before 5.03, allows remote attackers to modify arbitrary settings and perform unauthorized actions as an arbitrary user, as demonstrated using a settings action in the SRC attribute of an IMG element in an HTML e-mail." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://terra.calacode.com/mail/docs/changelog.html", + "refsource": "CONFIRM", + "url": "http://terra.calacode.com/mail/docs/changelog.html" + }, + { + "name": "25328", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25328" + }, + { + "name": "@mail-unspecified-csrf(31259)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31259" + }, + { + "name": "ADV-2007-1864", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/1864" + }, + { + "name": "1017435", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017435" + }, + { + "name": "20070125 [NETRAGARD-20061218 SECURITY ADVISORY] [@Mail WebMail Cross Site Request Forgery]", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0512.html" + }, + { + "name": "20070125 [NETRAGARD-20061218 SECURITY ADVISORY] [@Mail WebMail Cross Site Request Forgery]", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/458109/100/100/threaded" + }, + { + "name": "http://www.netragard.com/html/recent_research.html", + "refsource": "MISC", + "url": "http://www.netragard.com/html/recent_research.html" + }, + { + "name": "23472", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23472" + }, + { + "name": "http://www.netragard.com/pdfs/research/ATMAIL-XSRF-ADVISORY-20061206.txt", + "refsource": "MISC", + "url": "http://www.netragard.com/pdfs/research/ATMAIL-XSRF-ADVISORY-20061206.txt" + } + ] + } +} \ No newline at end of file diff --git a/2006/7xxx/CVE-2006-7250.json b/2006/7xxx/CVE-2006-7250.json index d9cc894c042..93718b82cab 100644 --- a/2006/7xxx/CVE-2006-7250.json +++ b/2006/7xxx/CVE-2006-7250.json 
@@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-7250", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mime_hdr_cmp function in crypto/asn1/asn_mime.c in OpenSSL 0.9.8t and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2006-7250", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[openssl-dev] 20060829 Crash inside SMIME_read_PKCS7 if input is not MIME", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=openssl-dev&m=115685408414194&w=2" - }, - { - "name" : "[openssl-dev] 20120210 [openssl.org #2711] Fix possible NULL dereference on bad MIME headers", - "refsource" : "MLIST", - "url" : "http://www.mail-archive.com/openssl-dev@openssl.org/msg30305.html" - }, - { - "name" : "[oss-security] 20120227 CVE request: openssl: null pointer dereference issue", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/02/27/10" - }, - { - "name" : "[oss-security] 20120228 Re: CVE request: openssl: null pointer dereference issue", - "refsource" : 
"MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/02/28/14" - }, - { - "name" : "http://cvs.openssl.org/chngview?cn=22144", - "refsource" : "CONFIRM", - "url" : "http://cvs.openssl.org/chngview?cn=22144" - }, - { - "name" : "https://bugzilla.novell.com/show_bug.cgi?id=748738", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.novell.com/show_bug.cgi?id=748738" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=798100", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=798100" - }, - { - "name" : "HPSBUX02782", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=133728068926468&w=2" - }, - { - "name" : "SSRT100844", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=133728068926468&w=2" - }, - { - "name" : "RHSA-2009:1335", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-1335.html" - }, - { - "name" : "USN-1424-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1424-1" - }, - { - "name" : "52181", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52181" - }, - { - "name" : "48516", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48516" - }, - { - "name" : "48899", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48899" - }, - { - "name" : "36533", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36533" - }, - { - "name" : "48153", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48153" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mime_hdr_cmp function in crypto/asn1/asn_mime.c in OpenSSL 0.9.8t and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.novell.com/show_bug.cgi?id=748738", + "refsource": "CONFIRM", + "url": "https://bugzilla.novell.com/show_bug.cgi?id=748738" + }, + { + "name": "48516", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48516" + }, + { + "name": "48899", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48899" + }, + { + "name": "[openssl-dev] 20060829 Crash inside SMIME_read_PKCS7 if input is not MIME", + "refsource": "MLIST", + "url": "http://marc.info/?l=openssl-dev&m=115685408414194&w=2" + }, + { + "name": "[openssl-dev] 20120210 [openssl.org #2711] Fix possible NULL dereference on bad MIME headers", + "refsource": "MLIST", + "url": "http://www.mail-archive.com/openssl-dev@openssl.org/msg30305.html" + }, + { + "name": "RHSA-2009:1335", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-1335.html" + }, + { + "name": "52181", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52181" + }, + { + "name": "36533", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36533" + }, + { + "name": "USN-1424-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1424-1" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=798100", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=798100" + }, + { + "name": "http://cvs.openssl.org/chngview?cn=22144", + "refsource": "CONFIRM", + "url": "http://cvs.openssl.org/chngview?cn=22144" + }, + { + "name": "[oss-security] 20120227 CVE request: openssl: null pointer dereference issue", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/02/27/10" + }, + { + "name": "[oss-security] 20120228 Re: CVE request: openssl: null pointer dereference issue", + "refsource": "MLIST", + 
"url": "http://www.openwall.com/lists/oss-security/2012/02/28/14" + }, + { + "name": "48153", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48153" + }, + { + "name": "HPSBUX02782", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=133728068926468&w=2" + }, + { + "name": "SSRT100844", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=133728068926468&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2247.json b/2010/2xxx/CVE-2010-2247.json index bf05f0ff099..06827798a3b 100644 --- a/2010/2xxx/CVE-2010-2247.json +++ b/2010/2xxx/CVE-2010-2247.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2247", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2247", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2556.json b/2010/2xxx/CVE-2010-2556.json index 117973076fa..23366a71822 100644 --- a/2010/2xxx/CVE-2010-2556.json +++ b/2010/2xxx/CVE-2010-2556.json 
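Review bot: In CVE-2006-7250.json the new side changes `"ASSIGNER"` from `cve@mitre.org` to `secalert@redhat.com`, and that provenance change sits in a hunk that otherwise only rewrites `" : "` to `": "`, adjusts whitespace and reorders `reference_data`; the hunks for CVE-2010-2556.json (`secure@microsoft.com`) and CVE-2010-2837.json (`psirt@cisco.com`) do the same. The commit subject ("-Synchronized-Data.") does not separate these data changes from the formatting churn, so anyone auditing a record's history has to compare the parsed JSON of both sides rather than read the text diff. I would keep `reference_data` in a stable order so that re-serialisation does not shuffle the entries. I would also end each file with a newline, since every new side here ends in `}` followed by `\ No newline at end of file`.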
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2556", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka \"Uninitialized Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2010-2556", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS10-053", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-053" - }, - { - "name" : "TA10-222A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA10-222A.html" - }, - { - "name" : "oval:org.mitre.oval:def:11994", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11994" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft 
Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka \"Uninitialized Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA10-222A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA10-222A.html" + }, + { + "name": "MS10-053", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-053" + }, + { + "name": "oval:org.mitre.oval:def:11994", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11994" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2719.json b/2010/2xxx/CVE-2010-2719.json index 4914d9a5208..ff7a05277c8 100644 --- a/2010/2xxx/CVE-2010-2719.json +++ b/2010/2xxx/CVE-2010-2719.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2719", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in show.php in phpaaCms 0.3.1 UTF-8, and possibly other versions, allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2010-2719", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "14199", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/14199" - }, - { - "name" : "41341", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/41341" - }, - { - "name" : "65994", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/65994" - }, - { - "name" : "40450", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/40450" - }, - { - "name" : "ADV-2010-1690", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1690" - }, - { - "name" : "phpaacms-show-sql-injection(60075)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/60075" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": 
"4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in show.php in phpaaCms 0.3.1 UTF-8, and possibly other versions, allows remote attackers to execute arbitrary SQL commands via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "65994", + "refsource": "OSVDB", + "url": "http://osvdb.org/65994" + }, + { + "name": "ADV-2010-1690", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1690" + }, + { + "name": "40450", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/40450" + }, + { + "name": "phpaacms-show-sql-injection(60075)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60075" + }, + { + "name": "41341", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/41341" + }, + { + "name": "14199", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/14199" + } + ] + } +} \ No newline at end of file diff --git a/2010/2xxx/CVE-2010-2837.json b/2010/2xxx/CVE-2010-2837.json index 0d5285bf726..91256d4364d 100644 --- a/2010/2xxx/CVE-2010-2837.json +++ b/2010/2xxx/CVE-2010-2837.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2010-2837", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SIPStationInit implementation in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.1SU before 6.1(5)SU1, 7.0SU before 7.0(2a)SU3, 7.1SU before 7.1(3b)SU2, 7.1 before 7.1(5), and 8.0 before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP message, aka Bug ID CSCtd17310." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2010-2837", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20100825 Cisco Unified Communications Manager Denial of Service Vulnerabilities", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b43908.shtml" - }, - { - "name" : "ADV-2010-2187", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/2187" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SIPStationInit implementation in Cisco Unified Communications Manager (aka 
CUCM, formerly CallManager) 6.1SU before 6.1(5)SU1, 7.0SU before 7.0(2a)SU3, 7.1SU before 7.1(3b)SU2, 7.1 before 7.1(5), and 8.0 before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP message, aka Bug ID CSCtd17310." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2010-2187", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/2187" + }, + { + "name": "20100825 Cisco Unified Communications Manager Denial of Service Vulnerabilities", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b43908.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0225.json b/2011/0xxx/CVE-2011-0225.json index dc3ed057420..a36203026d6 100644 --- a/2011/0xxx/CVE-2011-0225.json +++ b/2011/0xxx/CVE-2011-0225.json 
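Review bot: `ASSIGNER` changes from `cve@mitre.org` to `psirt@cisco.com` in this hunk, and it is the only value that changes; the rest is colon spacing and reference order. The assigner is provenance data that downstream consumers may filter or attribute on, and here the change is buried in a bulk reformat under the subject "-Synchronized-Data.". The same happens for CVE-2011-0225 (`product-security@apple.com`), CVE-2011-0724 (`security@ubuntu.com`) and CVE-2014-3335 (`psirt@cisco.com`). Committing the assigner updates separately from the reformat, or naming them in the commit message, would let them be audited.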
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0225", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2011-0225", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4808", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4808" - }, - { - "name" : "http://support.apple.com/kb/HT4981", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4981" - }, - { - "name" : "http://support.apple.com/kb/HT4999", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4999" - }, - { - "name" : "APPLE-SA-2011-07-20-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html" - }, - { - "name" : "APPLE-SA-2011-10-11-1", - "refsource" : "APPLE", - "url" : 
"http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html" - }, - { - "name" : "APPLE-SA-2011-10-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT4981", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4981" + }, + { + "name": "APPLE-SA-2011-10-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html" + }, + { + "name": "APPLE-SA-2011-10-11-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html" + }, + { + "name": "http://support.apple.com/kb/HT4999", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4999" + }, + { + "name": "http://support.apple.com/kb/HT4808", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4808" + }, + { + "name": "APPLE-SA-2011-07-20-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0724.json b/2011/0xxx/CVE-2011-0724.json index 517e61860b8..b60fbd18e73 100644 --- a/2011/0xxx/CVE-2011-0724.json +++ b/2011/0xxx/CVE-2011-0724.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0724", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Live DVD for Edubuntu 9.10, 10.04 LTS, and 10.10 does not correctly regenerate iTALC private keys after installation, which causes each installation to have the same fixed key, which allows remote attackers to gain privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@ubuntu.com", + "ID": "CVE-2011-0724", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "USN-1061-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1061-1" - }, - { - "name" : "46346", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46346" - }, - { - "name" : "ADV-2011-0378", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0378" - }, - { - "name" : "italc-keys-security-bypass(65389)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/65389" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Live DVD for Edubuntu 9.10, 10.04 LTS, and 10.10 
does not correctly regenerate iTALC private keys after installation, which causes each installation to have the same fixed key, which allows remote attackers to gain privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-1061-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1061-1" + }, + { + "name": "italc-keys-security-bypass(65389)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65389" + }, + { + "name": "46346", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46346" + }, + { + "name": "ADV-2011-0378", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0378" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1133.json b/2011/1xxx/CVE-2011-1133.json index 44cb8458d67..f18f5ccacc4 100644 --- a/2011/1xxx/CVE-2011-1133.json +++ b/2011/1xxx/CVE-2011-1133.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1133", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1133", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1701.json b/2011/1xxx/CVE-2011-1701.json index 31e7a22451d..cf32aec1ec7 100644 --- a/2011/1xxx/CVE-2011-1701.json +++ b/2011/1xxx/CVE-2011-1701.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1701", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted profile-name parameter in a printer-url." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1701", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20110606 ZDI-11-174: Novell iPrint nipplib.dll profile-name Remote Code Execution Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/518269/100/0/threaded" - }, - { - "name" : "http://zerodayinitiative.com/advisories/ZDI-11-174/", - "refsource" : "MISC", - "url" : "http://zerodayinitiative.com/advisories/ZDI-11-174/" - }, - { - "name" : "http://download.novell.com/Download?buildid=6_bNby38ERg~", - "refsource" : "CONFIRM", - "url" : "http://download.novell.com/Download?buildid=6_bNby38ERg~" - }, - { - "name" : "http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7008723", - "refsource" : "CONFIRM", - "url" : 
"http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7008723" - }, - { - "name" : "48124", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/48124" - }, - { - "name" : "1025606", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025606" - }, - { - "name" : "44811", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44811" - }, - { - "name" : "novell-iprint-profilename-bo(67876)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67876" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted profile-name parameter in a printer-url." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1025606", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025606" + }, + { + "name": "http://download.novell.com/Download?buildid=6_bNby38ERg~", + "refsource": "CONFIRM", + "url": "http://download.novell.com/Download?buildid=6_bNby38ERg~" + }, + { + "name": "44811", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44811" + }, + { + "name": "48124", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/48124" + }, + { + "name": "novell-iprint-profilename-bo(67876)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67876" + }, + { + "name": "http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7008723", + "refsource": "CONFIRM", + "url": "http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7008723" + }, + { + "name": 
"http://zerodayinitiative.com/advisories/ZDI-11-174/", + "refsource": "MISC", + "url": "http://zerodayinitiative.com/advisories/ZDI-11-174/" + }, + { + "name": "20110606 ZDI-11-174: Novell iPrint nipplib.dll profile-name Remote Code Execution Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/518269/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4216.json b/2011/4xxx/CVE-2011-4216.json index d194e56311f..50dc58fa3c3 100644 --- a/2011/4xxx/CVE-2011-4216.json +++ b/2011/4xxx/CVE-2011-4216.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4216", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Investintech.com SlimPDF Reader does not properly restrict write operations, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4216", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#275036", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/275036" - }, - { - "name" : "slimpdf-write-operations-code-exec(71100)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71100" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Investintech.com SlimPDF Reader does not properly restrict write operations, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "slimpdf-write-operations-code-exec(71100)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71100" + }, + { + "name": "VU#275036", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/275036" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4718.json b/2011/4xxx/CVE-2011-4718.json index fa1b73035f4..265c6067d65 100644 --- a/2011/4xxx/CVE-2011-4718.json +++ b/2011/4xxx/CVE-2011-4718.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4718", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Session fixation vulnerability in the Sessions subsystem in PHP before 5.5.2 allows remote attackers to hijack web sessions by specifying a session ID." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4718", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.php.net/bug.php?id=60491", - "refsource" : "MISC", - "url" : "https://bugs.php.net/bug.php?id=60491" - }, - { - "name" : "https://wiki.php.net/rfc/strict_sessions", - "refsource" : "MISC", - "url" : "https://wiki.php.net/rfc/strict_sessions" - }, - { - "name" : "http://git.php.net/?p=php-src.git;a=commit;h=169b78eb79b0e080b67f9798708eb3771c6d0b2f", - "refsource" : "CONFIRM", - "url" : "http://git.php.net/?p=php-src.git;a=commit;h=169b78eb79b0e080b67f9798708eb3771c6d0b2f" - }, - { - "name" : "http://git.php.net/?p=php-src.git;a=commit;h=25e8fcc88fa20dc9d4c47184471003f436927cde", - "refsource" : "CONFIRM", - "url" : "http://git.php.net/?p=php-src.git;a=commit;h=25e8fcc88fa20dc9d4c47184471003f436927cde" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Session fixation vulnerability in the Sessions subsystem in PHP before 5.5.2 allows remote attackers to hijack web sessions by specifying a session ID." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.php.net/?p=php-src.git;a=commit;h=25e8fcc88fa20dc9d4c47184471003f436927cde", + "refsource": "CONFIRM", + "url": "http://git.php.net/?p=php-src.git;a=commit;h=25e8fcc88fa20dc9d4c47184471003f436927cde" + }, + { + "name": "https://wiki.php.net/rfc/strict_sessions", + "refsource": "MISC", + "url": "https://wiki.php.net/rfc/strict_sessions" + }, + { + "name": "https://bugs.php.net/bug.php?id=60491", + "refsource": "MISC", + "url": "https://bugs.php.net/bug.php?id=60491" + }, + { + "name": "http://git.php.net/?p=php-src.git;a=commit;h=169b78eb79b0e080b67f9798708eb3771c6d0b2f", + "refsource": "CONFIRM", + "url": "http://git.php.net/?p=php-src.git;a=commit;h=169b78eb79b0e080b67f9798708eb3771c6d0b2f" + } + ] + } +} \ No newline at end of file diff --git a/2011/5xxx/CVE-2011-5313.json b/2011/5xxx/CVE-2011-5313.json index d897f718f13..8acaef0df5b 100644 --- a/2011/5xxx/CVE-2011-5313.json +++ b/2011/5xxx/CVE-2011-5313.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-5313", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in includes/password.php in Redaxscript 0.3.2 allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) password parameter to the password_reset program." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-5313", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.htbridge.com/advisory/HTB22804", - "refsource" : "MISC", - "url" : "https://www.htbridge.com/advisory/HTB22804" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in includes/password.php in Redaxscript 0.3.2 allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) password parameter to the password_reset program." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.htbridge.com/advisory/HTB22804", + "refsource": "MISC", + "url": "https://www.htbridge.com/advisory/HTB22804" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3335.json b/2014/3xxx/CVE-2014-3335.json index 61d8af55656..509c8a7fac0 100644 --- a/2014/3xxx/CVE-2014-3335.json +++ b/2014/3xxx/CVE-2014-3335.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3335", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco IOS XR 4.3(.2) and earlier on ASR 9000 devices does not properly perform NetFlow sampling of packets with multicast destination MAC addresses, which allows remote attackers to cause a denial of service (chip and card hangs) via a crafted packet, aka Bug ID CSCup77750." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-3335", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=35416", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=35416" - }, - { - "name" : "20140825 Cisco IOS XR Software Packet Parsing Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3335" - }, - { - "name" : "69383", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69383" - }, - { - "name" : "1030757", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030757" - }, - { - "name" : "60222", - "refsource" : 
"SECUNIA", - "url" : "http://secunia.com/advisories/60222" - }, - { - "name" : "ciscoios-cve20143335-dos(95443)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/95443" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco IOS XR 4.3(.2) and earlier on ASR 9000 devices does not properly perform NetFlow sampling of packets with multicast destination MAC addresses, which allows remote attackers to cause a denial of service (chip and card hangs) via a crafted packet, aka Bug ID CSCup77750." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ciscoios-cve20143335-dos(95443)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95443" + }, + { + "name": "69383", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69383" + }, + { + "name": "60222", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60222" + }, + { + "name": "20140825 Cisco IOS XR Software Packet Parsing Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3335" + }, + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35416", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=35416" + }, + { + "name": "1030757", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030757" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3590.json b/2014/3xxx/CVE-2014-3590.json index 167c97f2683..6a4f282e2d5 100644 --- a/2014/3xxx/CVE-2014-3590.json +++ b/2014/3xxx/CVE-2014-3590.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3590", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3590", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3921.json b/2014/3xxx/CVE-2014-3921.json index 584f6153c79..1860b2dd5f6 100644 --- a/2014/3xxx/CVE-2014-3921.json +++ b/2014/3xxx/CVE-2014-3921.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3921", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in popup.php in the Simple Popup Images plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the z parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3921", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/126763/WordPress-Simple-Popup-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/126763/WordPress-Simple-Popup-Cross-Site-Scripting.html" - }, - { - "name" : "67562", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67562" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in popup.php in the Simple Popup Images plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the z parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/126763/WordPress-Simple-Popup-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/126763/WordPress-Simple-Popup-Cross-Site-Scripting.html" + }, + { + "name": "67562", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67562" + } + ] + } +} \ No newline at end of file diff --git a/2014/3xxx/CVE-2014-3935.json b/2014/3xxx/CVE-2014-3935.json index 929c8b282bb..33f7d8f346f 100644 --- a/2014/3xxx/CVE-2014-3935.json +++ b/2014/3xxx/CVE-2014-3935.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-3935", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in glossaire-aff.php in the Glossaire module 1.0 for XOOPS allows remote attackers to execute arbitrary SQL commands via the lettre parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-3935", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/126701", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/126701" - }, - { - "name" : "67460", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/67460" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in glossaire-aff.php in the Glossaire module 1.0 for XOOPS allows remote attackers to execute arbitrary SQL commands via the lettre parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "67460", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/67460" + }, + { + "name": "http://packetstormsecurity.com/files/126701", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/126701" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6067.json b/2014/6xxx/CVE-2014-6067.json index 0b0d8d23fd8..d2795dc88d3 100644 --- a/2014/6xxx/CVE-2014-6067.json +++ b/2014/6xxx/CVE-2014-6067.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6067", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-6067", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6429.json b/2014/6xxx/CVE-2014-6429.json index caf6ce290bc..1a7da10764b 100644 --- a/2014/6xxx/CVE-2014-6429.json +++ b/2014/6xxx/CVE-2014-6429.json 
@@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6429", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not properly handle empty input data, which allows remote attackers to cause a denial of service (application crash) via a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-6429", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2014-19.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2014-19.html" - }, - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10461", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10461" - }, - { - "name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=47c592938ba9f0caeacc4c2ccadb370e72f293a2", - "refsource" : "CONFIRM", - "url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=47c592938ba9f0caeacc4c2ccadb370e72f293a2" - }, - { - "name" : 
"http://linux.oracle.com/errata/ELSA-2014-1676", - "refsource" : "CONFIRM", - "url" : "http://linux.oracle.com/errata/ELSA-2014-1676" - }, - { - "name" : "http://linux.oracle.com/errata/ELSA-2014-1677", - "refsource" : "CONFIRM", - "url" : "http://linux.oracle.com/errata/ELSA-2014-1677" - }, - { - "name" : "DSA-3049", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-3049" - }, - { - "name" : "RHSA-2014:1676", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1676.html" - }, - { - "name" : "RHSA-2014:1677", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1677.html" - }, - { - "name" : "SUSE-SU-2014:1221", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00033.html" - }, - { - "name" : "openSUSE-SU-2014:1249", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-09/msg00058.html" - }, - { - "name" : "60578", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60578" - }, - { - "name" : "60280", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60280" - }, - { - "name" : "61929", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61929" - }, - { - "name" : "61933", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61933" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not properly handle empty input data, which allows remote attackers to cause a denial of service (application crash) via a crafted file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://linux.oracle.com/errata/ELSA-2014-1676", + "refsource": "CONFIRM", + "url": "http://linux.oracle.com/errata/ELSA-2014-1676" + }, + { + "name": "61933", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61933" + }, + { + "name": "openSUSE-SU-2014:1249", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00058.html" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10461", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10461" + }, + { + "name": "http://www.wireshark.org/security/wnpa-sec-2014-19.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2014-19.html" + }, + { + "name": "RHSA-2014:1677", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1677.html" + }, + { + "name": "RHSA-2014:1676", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1676.html" + }, + { + "name": "DSA-3049", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-3049" + }, + { + "name": "SUSE-SU-2014:1221", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00033.html" + }, + { + "name": "60280", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60280" + }, + { + "name": "60578", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60578" + }, + { + "name": "http://linux.oracle.com/errata/ELSA-2014-1677", + "refsource": "CONFIRM", + "url": "http://linux.oracle.com/errata/ELSA-2014-1677" + }, + { + "name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=47c592938ba9f0caeacc4c2ccadb370e72f293a2", + "refsource": "CONFIRM", + "url": 
"https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=47c592938ba9f0caeacc4c2ccadb370e72f293a2" + }, + { + "name": "61929", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61929" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6695.json b/2014/6xxx/CVE-2014-6695.json index c5aff36d323..c31e1de358d 100644 --- a/2014/6xxx/CVE-2014-6695.json +++ b/2014/6xxx/CVE-2014-6695.json 
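Review bot: The `reference_data` array in CVE-2014-6429.json is rewritten in an order with no visible key: the old side grouped entries by `refsource`, while the new side scatters them (the SECUNIA entries `61933` and `61929` now sit at opposite ends of the list, with `60280` and `60578` in between). Unlike object keys, array order is part of the JSON value, so every consumer that diffs or hashes these records sees a content change even though no reference was added or removed. The other multi-reference hunks here (CVE-2014-3935, -6695, -6828, -7068, -7120, -8018, -8589) show the same shuffle. I would have the writer emit the array in a stable order, for example sorted by `refsource` and then `name`, so that later syncs only show real additions and removals.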
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6695", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Wedding Photo Frames-Love Pics (aka com.WeddingPhotoFramesLovePics) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6695", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#217649", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/217649" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Wedding Photo 
Frames-Love Pics (aka com.WeddingPhotoFramesLovePics) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#217649", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/217649" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6828.json b/2014/6xxx/CVE-2014-6828.json index 7ab02539e2c..937af57cde6 100644 --- a/2014/6xxx/CVE-2014-6828.json +++ b/2014/6xxx/CVE-2014-6828.json 
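Review bot: The `ASSIGNER` value for CVE-2014-6695 changes from `cve@mitre.org` to `cert@cert.org`, and it is the only field whose value changes in a hunk that otherwise just reformats `"key" : value` to `"key": value`, re-indents and reorders the references. The same reassignment appears in the CVE-2014-6828, CVE-2014-7068 and CVE-2014-7120 hunks, and CVE-2014-8018 moves to `psirt@cisco.com`, while the commit subject says only "-Synchronized-Data.". This field names the CNA responsible for the record, so consumers that attribute or filter by assigner need to be able to audit when it changes. I would land the formatting pass on its own so that this shows up as the single changed line `"ASSIGNER": "cert@cert.org",`.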
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6828", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Gulf Credit Union (aka Fi_Mobile.Gulf) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6828", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#321665", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/321665" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Gulf Credit Union (aka Fi_Mobile.Gulf) 
application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + }, + { + "name": "VU#321665", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/321665" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7068.json b/2014/7xxx/CVE-2014-7068.json index 91db23256f3..d26235e0df4 100644 --- a/2014/7xxx/CVE-2014-7068.json +++ b/2014/7xxx/CVE-2014-7068.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7068", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Neumann Student Activities (aka com.appmakr.app153856) application 216607 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7068", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#234545", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/234545" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Neumann Student Activities 
(aka com.appmakr.app153856) application 216607 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#234545", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/234545" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7120.json b/2014/7xxx/CVE-2014-7120.json index 23d93f32b9a..ba192a019ac 100644 --- a/2014/7xxx/CVE-2014-7120.json +++ b/2014/7xxx/CVE-2014-7120.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7120", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Model Laboratory (aka com.magazinecloner.modellaboratory) application @7F080193 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7120", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#775657", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/775657" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Model Laboratory (aka 
com.magazinecloner.modellaboratory) application @7F080193 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#775657", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/775657" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7147.json b/2014/7xxx/CVE-2014-7147.json index baffc99f0b3..71dfc0826b0 100644 --- a/2014/7xxx/CVE-2014-7147.json +++ b/2014/7xxx/CVE-2014-7147.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7147", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-7147", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7296.json b/2014/7xxx/CVE-2014-7296.json index 675b4c76364..0f46ea86871 100644 --- a/2014/7xxx/CVE-2014-7296.json +++ b/2014/7xxx/CVE-2014-7296.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7296", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The default configuration in the accessibility engine in SpagoBI 5.0.0 does not set FEATURE_SECURE_PROCESSING, which allows remote authenticated users to execute arbitrary Java code via a crafted XSL document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-7296", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://spagoworld.org/jira/browse/SPAGOBI-1885", - "refsource" : "CONFIRM", - "url" : "http://spagoworld.org/jira/browse/SPAGOBI-1885" - }, - { - "name" : "70240", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70240" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The default configuration in the accessibility engine in SpagoBI 5.0.0 does not set FEATURE_SECURE_PROCESSING, which allows remote authenticated users to execute arbitrary Java code via a crafted XSL document." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://spagoworld.org/jira/browse/SPAGOBI-1885", + "refsource": "CONFIRM", + "url": "http://spagoworld.org/jira/browse/SPAGOBI-1885" + }, + { + "name": "70240", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70240" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7355.json b/2014/7xxx/CVE-2014-7355.json index 937c80b8b14..8bc3a185597 100644 --- a/2014/7xxx/CVE-2014-7355.json +++ b/2014/7xxx/CVE-2014-7355.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7355", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-7355", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8018.json b/2014/8xxx/CVE-2014-8018.json index 918cfdb5ed3..6d27b6991be 100644 --- a/2014/8xxx/CVE-2014-8018.json +++ b/2014/8xxx/CVE-2014-8018.json 
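Review bot: The new side of CVE-2014-7355.json is serialized differently from the other records in this part of the commit: it opens with `"data_type"`, `"data_format"`, `"data_version"` and lists `"ID"` before `"ASSIGNER"` inside `CVE_data_meta`, where the other files keep `CVE_data_meta` first with its keys in alphabetical order. Key order carries no meaning in JSON, but the difference suggests this record came through a different writer, and any tool that byte-compares or hashes records without canonicalising them will treat it as an outlier. Passing it through the same sorted-key serializer as the rest would keep the set uniform.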
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8018", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Business Voice Services Manager (BVSM) pages in the Application Software in Cisco Unified Communications Domain Manager 8 allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug IDs CSCur19651, CSCur18555, CSCur19630, and CSCur19661." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2014-8018", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141222 Cisco Unified Communications Domain Manager XSS Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8018" - }, - { - "name" : "71771", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/71771" - }, - { - "name" : "1031424", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1031424" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site 
scripting (XSS) vulnerabilities in Business Voice Services Manager (BVSM) pages in the Application Software in Cisco Unified Communications Domain Manager 8 allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug IDs CSCur19651, CSCur18555, CSCur19630, and CSCur19661." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20141222 Cisco Unified Communications Domain Manager XSS Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8018" + }, + { + "name": "1031424", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1031424" + }, + { + "name": "71771", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/71771" + } + ] + } +} \ No newline at end of file diff --git a/2014/8xxx/CVE-2014-8589.json b/2014/8xxx/CVE-2014-8589.json index ec36fe96099..71505446dbb 100644 --- a/2014/8xxx/CVE-2014-8589.json +++ b/2014/8xxx/CVE-2014-8589.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-8589", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in SAP Network Interface Router (SAProuter) 40.4 allows remote attackers to cause a denial of service (resource consumption) via crafted requests." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-8589", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/", - "refsource" : "MISC", - "url" : "http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/" - }, - { - "name" : "https://erpscan.io/advisories/erpscan-14-014-saprouter-integer-overflow-dos/", - "refsource" : "MISC", - "url" : "https://erpscan.io/advisories/erpscan-14-014-saprouter-integer-overflow-dos/" - }, - { - "name" : "https://erpscan.io/press-center/blog/sap-critical-patch-update-october-2014/", - "refsource" : "MISC", - "url" : "https://erpscan.io/press-center/blog/sap-critical-patch-update-october-2014/" - }, - { - "name" : "https://service.sap.com/sap/support/notes/2037492", - "refsource" : "CONFIRM", - "url" : 
"https://service.sap.com/sap/support/notes/2037492" - }, - { - "name" : "https://twitter.com/SAP_Gsupport/status/522779507372339200", - "refsource" : "CONFIRM", - "url" : "https://twitter.com/SAP_Gsupport/status/522779507372339200" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in SAP Network Interface Router (SAProuter) 40.4 allows remote attackers to cause a denial of service (resource consumption) via crafted requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://twitter.com/SAP_Gsupport/status/522779507372339200", + "refsource": "CONFIRM", + "url": "https://twitter.com/SAP_Gsupport/status/522779507372339200" + }, + { + "name": "https://erpscan.io/press-center/blog/sap-critical-patch-update-october-2014/", + "refsource": "MISC", + "url": "https://erpscan.io/press-center/blog/sap-critical-patch-update-october-2014/" + }, + { + "name": "https://erpscan.io/advisories/erpscan-14-014-saprouter-integer-overflow-dos/", + "refsource": "MISC", + "url": "https://erpscan.io/advisories/erpscan-14-014-saprouter-integer-overflow-dos/" + }, + { + "name": "http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/", + "refsource": "MISC", + "url": "http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/" + }, + { + "name": "https://service.sap.com/sap/support/notes/2037492", + "refsource": "CONFIRM", + "url": "https://service.sap.com/sap/support/notes/2037492" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2449.json b/2016/2xxx/CVE-2016-2449.json index f21277eab4c..1e90f541364 100644 --- a/2016/2xxx/CVE-2016-2449.json +++ b/2016/2xxx/CVE-2016-2449.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2449", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "services/camera/libcameraservice/device3/Camera3Device.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not validate template IDs, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27568958." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2016-2449", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://source.android.com/security/bulletin/2016-05-01.html", - "refsource" : "CONFIRM", - "url" : "http://source.android.com/security/bulletin/2016-05-01.html" - }, - { - "name" : "https://android.googlesource.com/platform/frameworks/av/+/b04aee833c5cfb6b31b8558350feb14bb1a0f353", - "refsource" : "CONFIRM", - "url" : "https://android.googlesource.com/platform/frameworks/av/+/b04aee833c5cfb6b31b8558350feb14bb1a0f353" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "services/camera/libcameraservice/device3/Camera3Device.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not validate template IDs, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27568958." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://source.android.com/security/bulletin/2016-05-01.html", + "refsource": "CONFIRM", + "url": "http://source.android.com/security/bulletin/2016-05-01.html" + }, + { + "name": "https://android.googlesource.com/platform/frameworks/av/+/b04aee833c5cfb6b31b8558350feb14bb1a0f353", + "refsource": "CONFIRM", + "url": "https://android.googlesource.com/platform/frameworks/av/+/b04aee833c5cfb6b31b8558350feb14bb1a0f353" + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2637.json b/2016/2xxx/CVE-2016-2637.json index 247fc919f39..d96713c8845 100644 --- a/2016/2xxx/CVE-2016-2637.json +++ b/2016/2xxx/CVE-2016-2637.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2637", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-2637", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2670.json b/2016/2xxx/CVE-2016-2670.json index 98b050f019b..21fc2231a0b 100644 --- a/2016/2xxx/CVE-2016-2670.json +++ b/2016/2xxx/CVE-2016-2670.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2670", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-2670", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2016/2xxx/CVE-2016-2747.json b/2016/2xxx/CVE-2016-2747.json index 6f576bf17aa..65961cb8cd2 100644 --- a/2016/2xxx/CVE-2016-2747.json +++ b/2016/2xxx/CVE-2016-2747.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2016-2747", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-2747", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18295.json b/2017/18xxx/CVE-2017-18295.json index 6f1651d5893..dad6143d5fb 100644 --- a/2017/18xxx/CVE-2017-18295.json +++ b/2017/18xxx/CVE-2017-18295.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "ID" : "CVE-2017-18295", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear", - "version" : { - "version_data" : [ - { - "version_value" : "MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SDX20" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Possible buffer overflow if input is not null terminated in DSP Service module in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SDX20." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Buffer Copy Without Checking Size of Input in DSP Services" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2017-18295", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear", + "version": { + "version_data": [ + { + "version_value": "MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SDX20" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components" - }, - { - "name" : "https://www.qualcomm.com/company/product-security/bulletins", - "refsource" : "CONFIRM", - "url" : "https://www.qualcomm.com/company/product-security/bulletins" - }, - { - "name" : "1041432", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041432" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Possible buffer overflow if input is not null terminated in DSP Service module in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SDX20." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Copy Without Checking Size of Input in DSP Services" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qualcomm.com/company/product-security/bulletins", + "refsource": "CONFIRM", + "url": "https://www.qualcomm.com/company/product-security/bulletins" + }, + { + "name": "1041432", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041432" + }, + { + "name": "https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1404.json b/2017/1xxx/CVE-2017-1404.json index f67e9ff5072..487f7f5fb0a 100644 
--- a/2017/1xxx/CVE-2017-1404.json +++ b/2017/1xxx/CVE-2017-1404.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1404", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1404", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1411.json b/2017/1xxx/CVE-2017-1411.json index 9a484e90b68..58c7f37ef6e 100644 --- a/2017/1xxx/CVE-2017-1411.json +++ b/2017/1xxx/CVE-2017-1411.json 
@@ -1,106 +1,106 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-08-01T00:00:00", - "ID" : "CVE-2017-1411", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Security Identity Governance and Intelligence", - "version" : { - "version_data" : [ - { - "version_value" : "5.2" - }, - { - "version_value" : "5.2.1" - }, - { - "version_value" : "5.2.2" - }, - { - "version_value" : "5.2.2.1" - }, - { - "version_value" : "5.2.3" - }, - { - "version_value" : "5.2.3.1" - }, - { - "version_value" : "5.2.3.2" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 127399." 
- } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "N", - "AC" : "H", - "AV" : "N", - "C" : "H", - "I" : "N", - "PR" : "N", - "S" : "U", - "SCORE" : "5.900", - "UI" : "N" - }, - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-08-01T00:00:00", + "ID": "CVE-2017-1411", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Security Identity Governance and Intelligence", + "version": { + "version_data": [ + { + "version_value": "5.2" + }, + { + "version_value": "5.2.1" + }, + { + "version_value": "5.2.2" + }, + { + "version_value": "5.2.2.1" + }, + { + "version_value": "5.2.3" + }, + { + "version_value": "5.2.3.1" + }, + { + "version_value": "5.2.3.2" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22016869", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22016869" - }, - { - "name" : "ibm-sig-cve20171411-info-disc(127399)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/127399" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 127399." 
+ } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "N", + "AC": "H", + "AV": "N", + "C": "H", + "I": "N", + "PR": "N", + "S": "U", + "SCORE": "5.900", + "UI": "N" + }, + "TM": { + "E": "U", + "RC": "C", + "RL": "O" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-sig-cve20171411-info-disc(127399)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/127399" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22016869", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22016869" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1587.json b/2017/1xxx/CVE-2017-1587.json index 9ca09582dd8..7b3970765d7 100644 --- a/2017/1xxx/CVE-2017-1587.json +++ b/2017/1xxx/CVE-2017-1587.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1587", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1587", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1608.json b/2017/1xxx/CVE-2017-1608.json index 1984ced7de9..9d4b084268b 100644 --- a/2017/1xxx/CVE-2017-1608.json +++ b/2017/1xxx/CVE-2017-1608.json 
@@ -1,146 +1,146 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-06-28T00:00:00", - "ID" : "CVE-2017-1608", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Rational Quality Manager", - "version" : { - "version_data" : [ - { - "version_value" : "5.0" - }, - { - "version_value" : "5.0.1" - }, - { - "version_value" : "5.0.2" - }, - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "6.0.2" - }, - { - "version_value" : "6.0.3" - }, - { - "version_value" : "6.0.4" - }, - { - "version_value" : "6.0.5" - } - ] - } - }, - { - "product_name" : "Rational Collaborative Lifecycle Management", - "version" : { - "version_data" : [ - { - "version_value" : "5.0" - }, - { - "version_value" : "5.0.1" - }, - { - "version_value" : "5.0.2" - }, - { - "version_value" : "6.0" - }, - { - "version_value" : "6.0.1" - }, - { - "version_value" : "6.0.2" - }, - { - "version_value" : "6.0.3" - }, - { - "version_value" : "6.0.4" - }, - { - "version_value" : "6.0.5" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 132928." 
- } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "A" : "N", - "AC" : "L", - "AV" : "N", - "C" : "L", - "I" : "L", - "PR" : "L", - "S" : "C", - "SCORE" : "5.400", - "UI" : "R" - }, - "TM" : { - "E" : "H", - "RC" : "C", - "RL" : "O" - } - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2018-06-28T00:00:00", + "ID": "CVE-2017-1608", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Rational Quality Manager", + "version": { + "version_data": [ + { + "version_value": "5.0" + }, + { + "version_value": "5.0.1" + }, + { + "version_value": "5.0.2" + }, + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "6.0.2" + }, + { + "version_value": "6.0.3" + }, + { + "version_value": "6.0.4" + }, + { + "version_value": "6.0.5" + } + ] + } + }, + { + "product_name": "Rational Collaborative Lifecycle Management", + "version": { + "version_data": [ + { + "version_value": "5.0" + }, + { + "version_value": "5.0.1" + }, + { + "version_value": "5.0.2" + }, + { + "version_value": "6.0" + }, + { + "version_value": "6.0.1" + }, + { + "version_value": "6.0.2" + }, + { + "version_value": "6.0.3" + }, + { + "version_value": "6.0.4" + }, + { + "version_value": "6.0.5" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www-prd-trops.events.ibm.com/node/715749", - "refsource" : "CONFIRM", - "url" : "https://www-prd-trops.events.ibm.com/node/715749" - }, - { - "name" : "ibm-rqm-cve20171608-xss(132928)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/132928" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": 
[ + { + "lang": "eng", + "value": "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 132928." + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "A": "N", + "AC": "L", + "AV": "N", + "C": "L", + "I": "L", + "PR": "L", + "S": "C", + "SCORE": "5.400", + "UI": "R" + }, + "TM": { + "E": "H", + "RC": "C", + "RL": "O" + } + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www-prd-trops.events.ibm.com/node/715749", + "refsource": "CONFIRM", + "url": "https://www-prd-trops.events.ibm.com/node/715749" + }, + { + "name": "ibm-rqm-cve20171608-xss(132928)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/132928" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1816.json b/2017/1xxx/CVE-2017-1816.json index d636bd73c26..be5b3f42944 100644 --- a/2017/1xxx/CVE-2017-1816.json +++ b/2017/1xxx/CVE-2017-1816.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1816", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-1816", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1966.json b/2017/1xxx/CVE-2017-1966.json index 11a6f94d610..bccc1a79920 100644 --- a/2017/1xxx/CVE-2017-1966.json +++ b/2017/1xxx/CVE-2017-1966.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1966", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-1966", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5003.json b/2017/5xxx/CVE-2017-5003.json index 64455f5f370..8f78f43a08a 100644 --- a/2017/5xxx/CVE-2017-5003.json +++ b/2017/5xxx/CVE-2017-5003.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security_alert@emc.com", - "ID" : "CVE-2017-5003", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels, RSA Via Lifecycle and Governance version 7.0, all patch levels, RSA Identity Management and Governance (RSA IMG) versions 6.9.1, all patch levels", - "version" : { - "version_data" : [ - { - "version_value" : "RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels, RSA Via Lifecycle and Governance version 7.0, all patch levels, RSA Identity Management and Governance (RSA IMG) versions 6.9.1, all patch levels" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2 (all patch levels); RSA Via Lifecycle and Governance version 7.0 (all patch levels); and RSA Identity Management and Governance (IMG) version 6.9.1 (all patch levels) have Reflected Cross Site Scripting vulnerabilities that could potentially be exploited by malicious users to compromise an affected system." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Reflected Cross Site Scripting Vulnerabilities and Stored Cross Site Scripting Vulnerabilities" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2017-5003", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels, RSA Via Lifecycle and Governance version 7.0, all patch levels, RSA Identity Management and Governance (RSA IMG) versions 6.9.1, all patch levels", + "version": { + "version_data": [ + { + "version_value": "RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels, RSA Via Lifecycle and Governance version 7.0, all patch levels, RSA Identity Management and Governance (RSA IMG) versions 6.9.1, all patch levels" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.securityfocus.com/archive/1/540693/30/0/threaded", - "refsource" : "CONFIRM", - "url" : "http://www.securityfocus.com/archive/1/540693/30/0/threaded" - }, - { - "name" : "98974", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98974" - }, - { - "name" : "1038648", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038648" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2 (all patch levels); RSA Via Lifecycle and Governance version 7.0 (all patch levels); and RSA Identity Management and Governance (IMG) version 6.9.1 (all patch levels) have Reflected Cross Site Scripting vulnerabilities that could potentially be exploited by malicious users to compromise an affected system." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Reflected Cross Site Scripting Vulnerabilities and Stored Cross Site Scripting Vulnerabilities" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038648", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038648" + }, + { + "name": "98974", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98974" + }, + { + "name": "http://www.securityfocus.com/archive/1/540693/30/0/threaded", + "refsource": "CONFIRM", + "url": "http://www.securityfocus.com/archive/1/540693/30/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5714.json b/2017/5xxx/CVE-2017-5714.json index f786148e32e..7bdd084a36c 100644 --- a/2017/5xxx/CVE-2017-5714.json +++ b/2017/5xxx/CVE-2017-5714.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5714", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5714", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2017/5xxx/CVE-2017-5953.json b/2017/5xxx/CVE-2017-5953.json
index 51feb844f91..a1dbe4de52f 100644
--- a/2017/5xxx/CVE-2017-5953.json
+++ b/2017/5xxx/CVE-2017-5953.json
@@ -1,82 +1,82 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-5953",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory allocation site and a resultant buffer overflow."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-5953",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/vim/vim/commit/399c297aa93afe2c0a39e2a1b3f972aebba44c9d",
- "refsource" : "CONFIRM",
- "url" : "https://github.com/vim/vim/commit/399c297aa93afe2c0a39e2a1b3f972aebba44c9d"
- },
- {
- "name" : "https://groups.google.com/forum/#!topic/vim_dev/t-3RSdEnrHY",
- "refsource" : "CONFIRM",
- "url" : "https://groups.google.com/forum/#!topic/vim_dev/t-3RSdEnrHY"
- },
- {
- "name" : "DSA-3786",
- "refsource" : "DEBIAN",
- "url" : "http://www.debian.org/security/2017/dsa-3786"
- },
- {
- "name" : "GLSA-201706-26",
- "refsource" : "GENTOO",
- "url" : "https://security.gentoo.org/glsa/201706-26"
- },
- {
- "name" : "96217",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/96217"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory allocation site and a resultant buffer overflow."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "GLSA-201706-26",
+ "refsource": "GENTOO",
+ "url": "https://security.gentoo.org/glsa/201706-26"
+ },
+ {
+ "name": "96217",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/96217"
+ },
+ {
+ "name": "DSA-3786",
+ "refsource": "DEBIAN",
+ "url": "http://www.debian.org/security/2017/dsa-3786"
+ },
+ {
+ "name": "https://github.com/vim/vim/commit/399c297aa93afe2c0a39e2a1b3f972aebba44c9d",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/vim/vim/commit/399c297aa93afe2c0a39e2a1b3f972aebba44c9d"
+ },
+ {
+ "name": "https://groups.google.com/forum/#!topic/vim_dev/t-3RSdEnrHY",
+ "refsource": "CONFIRM",
+ "url": "https://groups.google.com/forum/#!topic/vim_dev/t-3RSdEnrHY"
+ }
+ ]
+ }
+}
\ No newline at end of file