diff --git a/2006/2xxx/CVE-2006-2019.json b/2006/2xxx/CVE-2006-2019.json index f204fabf22a..310b52031d3 100644 --- a/2006/2xxx/CVE-2006-2019.json +++ b/2006/2xxx/CVE-2006-2019.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2019", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apple Mac OS X Safari 2.0.3, 1.3.1, and possibly other versions allows remote attackers to cause a denial of service (CPU consumption and crash) via a TD element with a large number in the rowspan attribute." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2019", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060424 Apple Mac OS X Safari 2.0.3 Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/431874/100/0/threaded" - }, - { - "name" : "20060424 Re: Apple Mac OS X Safari 2.0.3 Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/431944/100/0/threaded" - }, - { - "name" : "20060424 Apple Mac OS X Safari 2.0.3 Vulnerability", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-April/045472.html" - }, - { - "name" : "1715", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/1715" - }, - { - "name" : "17674", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/17674" - }, - { - "name" : "ADV-2006-1508", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1508" - }, - { - "name" : "1015982", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1015982" - }, - { - "name" : "19763", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19763" - }, - { - "name" : "macosx-safari-table-dos(25998)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25998" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apple Mac OS X Safari 2.0.3, 1.3.1, and possibly other versions allows remote attackers to cause a denial of service (CPU consumption and crash) via a TD element with a large number in the rowspan attribute." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "17674", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17674" + }, + { + "name": "20060424 Re: Apple Mac OS X Safari 2.0.3 Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/431944/100/0/threaded" + }, + { + "name": "1015982", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1015982" + }, + { + "name": "1715", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/1715" + }, + { + "name": "20060424 Apple Mac OS X Safari 2.0.3 Vulnerability", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-April/045472.html" + }, + { + "name": "20060424 Apple Mac OS X Safari 2.0.3 Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/431874/100/0/threaded" + }, + { + "name": "ADV-2006-1508", + "refsource": "VUPEN", + "url": 
"http://www.vupen.com/english/advisories/2006/1508" + }, + { + "name": "19763", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19763" + }, + { + "name": "macosx-safari-table-dos(25998)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25998" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2120.json b/2006/2xxx/CVE-2006-2120.json index 4b5faa6292b..84f24c296a5 100644 --- a/2006/2xxx/CVE-2006-2120.json +++ b/2006/2xxx/CVE-2006-2120.json 
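Review bot: The new side of this file ends without a trailing newline (`\ No newline at end of file` follows the closing `}`), while the old side appears to have had one. The same marker shows up in the CVE-2006-2120, -2716, -2942, -2949, -2991, -3064 and -3366 sections. Having the serializer write a final `\n` keeps line-oriented diff, merge and concatenation tools well behaved on these records. Separately, `reference_data` is reshuffled with no visible sort key (all nine entries are still present); a deterministic order, for example by `refsource` then `name`, would keep later diffs limited to real content changes.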
@@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2120", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The TIFFToRGB function in libtiff before 3.8.1 allows remote attackers to cause a denial of service (crash) via a crafted TIFF image with Yr/Yg/Yb values that exceed the YCR/YCG/YCB values, which triggers an out-of-bounds read." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2006-2120", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugzilla.remotesensing.org/show_bug.cgi?id=1065", - "refsource" : "CONFIRM", - "url" : "http://bugzilla.remotesensing.org/show_bug.cgi?id=1065" - }, - { - "name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189974", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189974" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-119.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-119.htm" - }, - { - "name" : "DSA-1078", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1078" - }, - { - "name" : "MDKSA-2006:082", - "refsource" : 
"MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:082" - }, - { - "name" : "RHSA-2006:0425", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0425.html" - }, - { - "name" : "20060501-01-U", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc" - }, - { - "name" : "2006-0024", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.org/errata/2006/0024" - }, - { - "name" : "USN-277-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/277-1/" - }, - { - "name" : "17809", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/17809" - }, - { - "name" : "oval:org.mitre.oval:def:9572", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9572" - }, - { - "name" : "19936", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19936" - }, - { - "name" : "19949", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19949" - }, - { - "name" : "19964", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19964" - }, - { - "name" : "20023", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20023" - }, - { - "name" : "20330", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20330" - }, - { - "name" : "20210", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20210" - }, - { - "name" : "20667", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20667" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The TIFFToRGB function in libtiff before 3.8.1 allows remote attackers to cause a denial of service (crash) via a crafted TIFF image with Yr/Yg/Yb values that exceed the YCR/YCG/YCB values, which triggers an out-of-bounds read." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20210", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20210" + }, + { + "name": "http://bugzilla.remotesensing.org/show_bug.cgi?id=1065", + "refsource": "CONFIRM", + "url": "http://bugzilla.remotesensing.org/show_bug.cgi?id=1065" + }, + { + "name": "19949", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19949" + }, + { + "name": "17809", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/17809" + }, + { + "name": "USN-277-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/277-1/" + }, + { + "name": "20667", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20667" + }, + { + "name": "19936", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19936" + }, + { + "name": "19964", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19964" + }, + { + "name": "2006-0024", + "refsource": "TRUSTIX", + "url": "http://www.trustix.org/errata/2006/0024" + }, + { + "name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189974", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189974" + }, + { + "name": "20330", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20330" + }, + { + "name": "DSA-1078", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1078" + }, + { + "name": "20060501-01-U", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-119.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-119.htm" + }, + { + "name": "RHSA-2006:0425", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0425.html" 
+ }, + { + "name": "oval:org.mitre.oval:def:9572", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9572" + }, + { + "name": "MDKSA-2006:082", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:082" + }, + { + "name": "20023", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20023" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2716.json b/2006/2xxx/CVE-2006-2716.json index 510af8901b1..bbe325718e7 100644 --- a/2006/2xxx/CVE-2006-2716.json +++ b/2006/2xxx/CVE-2006-2716.json 
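Review bot: `"ASSIGNER"` changes from `cve@mitre.org` to `secalert@redhat.com` in this hunk. It is the only value change I can find among otherwise whitespace-only edits and a reordering of the 18 references, which are all still present. The assigner is provenance metadata that consumers may rely on to attribute a record, so the reassignment belongs in its own commit, or at least in a commit-message line stating where it came from. In a bulk formatting diff like this one it is easy to overlook.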
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2716", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Secure Elements Class 5 AVR server (aka C5 EVM) before 2.8.1 uses a hard-coded user ID and password, which allows remote attackers to gain access to the server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2716", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.kb.cert.org/vuls/id/WDON-6QAP4D", - "refsource" : "CONFIRM", - "url" : "http://www.kb.cert.org/vuls/id/WDON-6QAP4D" - }, - { - "name" : "VU#584329", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/584329" - }, - { - "name" : "ADV-2006-2069", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2069" - }, - { - "name" : "1016184", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016184" - }, - { - "name" : "20378", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20378" - }, - { - "name" : "c5evm-default-account(26763)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26763" - } - ] - } -} + } + }, + "data_format": 
"MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Secure Elements Class 5 AVR server (aka C5 EVM) before 2.8.1 uses a hard-coded user ID and password, which allows remote attackers to gain access to the server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "c5evm-default-account(26763)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26763" + }, + { + "name": "20378", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20378" + }, + { + "name": "VU#584329", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/584329" + }, + { + "name": "ADV-2006-2069", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2069" + }, + { + "name": "1016184", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016184" + }, + { + "name": "http://www.kb.cert.org/vuls/id/WDON-6QAP4D", + "refsource": "CONFIRM", + "url": "http://www.kb.cert.org/vuls/id/WDON-6QAP4D" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2942.json b/2006/2xxx/CVE-2006-2942.json index d88551765b2..26f32d83887 100644 --- a/2006/2xxx/CVE-2006-2942.json +++ b/2006/2xxx/CVE-2006-2942.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2942", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "TWiki 4.0.0, 4.0.1, and 4.0.2 allows remote attackers to gain Twiki administrator privileges via a TWiki.TWikiRegistration form with a modified action attribute that references the Sandbox web instead of the user web, which can then be used to associate the user's login name with the WikiName of a member of the TWikiAdminGroup." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2942", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060616 TWiki Security Advisory: Privilege elevation with crafted registration form (CVE-2006-2942)", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2006-q2/0032.html" - }, - { - "name" : "http://twiki.org/cgi-bin/view/Codev/SecurityAlertTWiki4PrivilegeElevation", - "refsource" : "CONFIRM", - "url" : "http://twiki.org/cgi-bin/view/Codev/SecurityAlertTWiki4PrivilegeElevation" - }, - { - "name" : "18506", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18506" - }, - { - "name" : "ADV-2006-2415", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2006/2415" - }, - { - "name" : "26623", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26623" - }, - { - "name" : "1016323", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016323" - }, - { - "name" : "20596", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20596" - }, - { - "name" : "twiki-action-security-bypass(27336)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27336" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "TWiki 4.0.0, 4.0.1, and 4.0.2 allows remote attackers to gain Twiki administrator privileges via a TWiki.TWikiRegistration form with a modified action attribute that references the Sandbox web instead of the user web, which can then be used to associate the user's login name with the WikiName of a member of the TWikiAdminGroup." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "26623", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26623" + }, + { + "name": "20596", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20596" + }, + { + "name": "twiki-action-security-bypass(27336)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27336" + }, + { + "name": "ADV-2006-2415", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2415" + }, + { + "name": "1016323", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016323" + }, + { + "name": "http://twiki.org/cgi-bin/view/Codev/SecurityAlertTWiki4PrivilegeElevation", + "refsource": "CONFIRM", + "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlertTWiki4PrivilegeElevation" + }, + { + "name": "18506", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18506" + }, + { + "name": "20060616 TWiki Security Advisory: Privilege elevation with crafted registration form (CVE-2006-2942)", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2006-q2/0032.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2949.json b/2006/2xxx/CVE-2006-2949.json index e5868d360a4..1ea7868a5d2 100644 --- a/2006/2xxx/CVE-2006-2949.json +++ b/2006/2xxx/CVE-2006-2949.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2949", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in private.php in MyBB 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the do parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2949", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060606 MyBB 1.1.2 New XSS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/436286/100/0/threaded" - }, - { - "name" : "18297", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18297" - }, - { - "name" : "ADV-2006-2190", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2190" - }, - { - "name" : "20492", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20492" - }, - { - "name" : "mybb-private-xss(26994)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26994" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"Cross-site scripting (XSS) vulnerability in private.php in MyBB 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the do parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18297", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18297" + }, + { + "name": "20492", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20492" + }, + { + "name": "ADV-2006-2190", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2190" + }, + { + "name": "mybb-private-xss(26994)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26994" + }, + { + "name": "20060606 MyBB 1.1.2 New XSS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/436286/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/2xxx/CVE-2006-2991.json b/2006/2xxx/CVE-2006-2991.json index 0f04804a6ee..8e58d033dd7 100644 --- a/2006/2xxx/CVE-2006-2991.json +++ b/2006/2xxx/CVE-2006-2991.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-2991", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Ringlink 3.2 allow remote attackers to inject arbitrary web script or HTML via a JavaScript URI in the SRC attribute of an IMG element, and possibly other manipulations, in the ringid parameter in (1) next.cgi, (2) stats.cgi, or (3) list.cgi." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-2991", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060610 Ringlink v3.2 - XSS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/436690/100/0/threaded" - }, - { - "name" : "18360", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18360" - }, - { - "name" : "ADV-2006-2281", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2281" - }, - { - "name" : "26318", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26318" - }, - { - "name" : "26319", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/26319" - }, - { - "name" : "26320", - "refsource" : "OSVDB", - "url" : 
"http://www.osvdb.org/26320" - }, - { - "name" : "20590", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20590" - }, - { - "name" : "1082", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1082" - }, - { - "name" : "ringlink-multiple-scripts-xss(27053)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27053" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Ringlink 3.2 allow remote attackers to inject arbitrary web script or HTML via a JavaScript URI in the SRC attribute of an IMG element, and possibly other manipulations, in the ringid parameter in (1) next.cgi, (2) stats.cgi, or (3) list.cgi." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20590", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20590" + }, + { + "name": "18360", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18360" + }, + { + "name": "26318", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26318" + }, + { + "name": "1082", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1082" + }, + { + "name": "26320", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/26320" + }, + { + "name": "ADV-2006-2281", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2281" + }, + { + "name": "20060610 Ringlink v3.2 - XSS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/436690/100/0/threaded" + }, + { + "name": "ringlink-multiple-scripts-xss(27053)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27053" + }, + { + "name": "26319", + "refsource": 
"OSVDB", + "url": "http://www.osvdb.org/26319" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3064.json b/2006/3xxx/CVE-2006-3064.json index ea77b56299d..4387bfef379 100644 --- a/2006/3xxx/CVE-2006-3064.json +++ b/2006/3xxx/CVE-2006-3064.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3064", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the add_hit function in include/function.inc.php in Coppermine Photo Gallery (CPG) 1.4.8, when \"Keep detailed hit statistics\" is enabled, allows remote attackers to execute arbitrary SQL commands via the (1) referer and (2) user-agent HTTP headers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3064", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060611 [KAPDA::48]CopperminePhotoGallery1.4.8~ addhit() function~ SQLinjection attack", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/436799/30/4470/threaded" - }, - { - "name" : "http://myimei.com/security/2006-06-11/copperminephotogallery148-addhit-function-sqlinjection-attack.html", - "refsource" : "MISC", - "url" : "http://myimei.com/security/2006-06-11/copperminephotogallery148-addhit-function-sqlinjection-attack.html" - }, - { - "name" : "ADV-2006-2317", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2317" - }, - { - "name" : "20597", - "refsource" : "SECUNIA", - 
"url" : "http://secunia.com/advisories/20597" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the add_hit function in include/function.inc.php in Coppermine Photo Gallery (CPG) 1.4.8, when \"Keep detailed hit statistics\" is enabled, allows remote attackers to execute arbitrary SQL commands via the (1) referer and (2) user-agent HTTP headers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2006-2317", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2317" + }, + { + "name": "20060611 [KAPDA::48]CopperminePhotoGallery1.4.8~ addhit() function~ SQLinjection attack", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/436799/30/4470/threaded" + }, + { + "name": "20597", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20597" + }, + { + "name": "http://myimei.com/security/2006-06-11/copperminephotogallery148-addhit-function-sqlinjection-attack.html", + "refsource": "MISC", + "url": "http://myimei.com/security/2006-06-11/copperminephotogallery148-addhit-function-sqlinjection-attack.html" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3366.json b/2006/3xxx/CVE-2006-3366.json index 9e0949e865b..e698cd13a4a 100644 --- a/2006/3xxx/CVE-2006-3366.json +++ b/2006/3xxx/CVE-2006-3366.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3366", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in V3 Chat allow remote attackers to inject arbitrary web script or HTML via crafted HTML tags, as demonstrated by the IMG tag, in the (1) id parameter in (a) mail/index.php and (b) mail/reply.php; (2) login_id parameter in (c) members/is_online.php; (3) site_id parameter in (d) messenger/online.php, (e) messenger/search.php, and (f) messenger/profile.php; (4) contact_name parameter in messenger/search.php; (5) membername parameter in (g) messenger/profileview.php; (6) unspecified parameters used when \"editing a profile\"; and (7) cust_name parameter in (h) messenger/expire.php. NOTE: The vendor disputes the vectors involving files in the messenger directory, stating \"... the referenced folder 'messenger' was never available to the general public...\"." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3366", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060617 V3Chat Instant Messenger - XSS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/437755/100/200/threaded" - }, - { - "name" : "20060622 Re: V3Chat Instant Messenger - XSS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/438069/100/200/threaded" - }, - { - "name" : "18543", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18543" - }, - { - "name" : "ADV-2006-2474", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2474" - }, - { - "name" : "1016340", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016340" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in V3 Chat allow remote attackers to inject arbitrary web script or HTML via crafted HTML tags, as demonstrated by the IMG tag, in the (1) id parameter in (a) mail/index.php and (b) mail/reply.php; (2) login_id parameter in (c) members/is_online.php; (3) site_id parameter in (d) messenger/online.php, (e) messenger/search.php, and (f) messenger/profile.php; (4) contact_name parameter in messenger/search.php; (5) membername parameter in (g) messenger/profileview.php; (6) unspecified parameters used when \"editing a profile\"; and (7) cust_name parameter in (h) messenger/expire.php. 
NOTE: The vendor disputes the vectors involving files in the messenger directory, stating \"... the referenced folder 'messenger' was never available to the general public...\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18543", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18543" + }, + { + "name": "1016340", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016340" + }, + { + "name": "20060617 V3Chat Instant Messenger - XSS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/437755/100/200/threaded" + }, + { + "name": "ADV-2006-2474", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2474" + }, + { + "name": "20060622 Re: V3Chat Instant Messenger - XSS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/438069/100/200/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3486.json b/2006/3xxx/CVE-2006-3486.json index f8a5788acb5..03aa78583d6 100644 --- a/2006/3xxx/CVE-2006-3486.json +++ b/2006/3xxx/CVE-2006-3486.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3486", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** Off-by-one buffer overflow in the Instance_options::complete_initialization function in instance_options.cc in the Instance Manager in MySQL before 5.0.23 and 5.1 before 5.1.12 might allow local users to cause a denial of service (application crash) via unspecified vectors, which triggers the overflow when the convert_dirname function is called. NOTE: the vendor has disputed this issue via e-mail to CVE, saying that it is only exploitable when the user has access to the configuration file or the Instance Manager daemon. Due to intended functionality, this level of access would already allow the user to disrupt program operation, so this does not cross security boundaries and is not a vulnerability." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3486", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.mysql.com/bug.php?id=20622", - "refsource" : "MISC", - "url" : "http://bugs.mysql.com/bug.php?id=20622" - }, - { - "name" : "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-12.html", - "refsource" : "MISC", - "url" : "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-12.html" - }, - { - "name" : "http://dev.mysql.com/doc/refman/5.0/en/news-5-0-23.html", - "refsource" : "MISC", - "url" : "http://dev.mysql.com/doc/refman/5.0/en/news-5-0-23.html" - }, - { - "name" : "ADV-2006-2700", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/2700" - }, - { - "name" : "mysql-instancemanager-dos(27635)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27635" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** Off-by-one buffer overflow in the Instance_options::complete_initialization function in instance_options.cc in the Instance Manager in MySQL before 5.0.23 and 5.1 before 5.1.12 might allow local users to cause a denial of service (application crash) via unspecified vectors, which triggers the overflow when the convert_dirname function is called. NOTE: the vendor has disputed this issue via e-mail to CVE, saying that it is only exploitable when the user has access to the configuration file or the Instance Manager daemon. 
Due to intended functionality, this level of access would already allow the user to disrupt program operation, so this does not cross security boundaries and is not a vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "mysql-instancemanager-dos(27635)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27635" + }, + { + "name": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-12.html", + "refsource": "MISC", + "url": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-12.html" + }, + { + "name": "http://dev.mysql.com/doc/refman/5.0/en/news-5-0-23.html", + "refsource": "MISC", + "url": "http://dev.mysql.com/doc/refman/5.0/en/news-5-0-23.html" + }, + { + "name": "http://bugs.mysql.com/bug.php?id=20622", + "refsource": "MISC", + "url": "http://bugs.mysql.com/bug.php?id=20622" + }, + { + "name": "ADV-2006-2700", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/2700" + } + ] + } +} \ No newline at end of file diff --git a/2006/3xxx/CVE-2006-3543.json b/2006/3xxx/CVE-2006-3543.json index 99bc7a7e635..eecf774b3ce 100644 --- a/2006/3xxx/CVE-2006-3543.json +++ b/2006/3xxx/CVE-2006-3543.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-3543", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** Multiple SQL injection vulnerabilities in Invision Power Board (IPB) 1.x and 2.x allow remote attackers to execute arbitrary SQL commands via the (1) idcat and (2) code parameters in a ketqua action in index.php; the id parameter in a (3) Attach and (4) ref action in index.php; the CODE parameter in a (5) Profile, (6) Login, and (7) Help action in index.php; and the (8) member_id parameter in coins_list.php. NOTE: the developer has disputed this issue, stating that the \"CODE attribute is never present in an SQL query\" and the \"'ketqua' [action] and file 'coin_list.php' are not standard IPB 2.x features\". It is unknown whether these vectors are associated with an independent module or modification of IPB." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-3543", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20060704 Invision Power Board \"v1.X & 2.X\" SQL Injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/439145/100/0/threaded" - }, - { - "name" : "20060710 Re: Invision Power Board \"v1.X & 2.X\" SQL Injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/439602/100/0/threaded" - }, - { - "name" : "18836", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18836" - }, - { - "name" : "30084", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/30084" - }, - { - "name" : "1231", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/1231" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** Multiple SQL injection vulnerabilities in Invision Power Board (IPB) 1.x and 2.x allow remote attackers to execute arbitrary SQL commands via the (1) idcat and (2) code parameters in a ketqua action in index.php; the id parameter in a (3) Attach and (4) ref action in index.php; the CODE parameter in a (5) Profile, (6) Login, and (7) Help action in index.php; and the (8) member_id parameter in coins_list.php. NOTE: the developer has disputed this issue, stating that the \"CODE attribute is never present in an SQL query\" and the \"'ketqua' [action] and file 'coin_list.php' are not standard IPB 2.x features\". 
It is unknown whether these vectors are associated with an independent module or modification of IPB." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18836", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18836" + }, + { + "name": "1231", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/1231" + }, + { + "name": "20060704 Invision Power Board \"v1.X & 2.X\" SQL Injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/439145/100/0/threaded" + }, + { + "name": "30084", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/30084" + }, + { + "name": "20060710 Re: Invision Power Board \"v1.X & 2.X\" SQL Injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/439602/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2006/4xxx/CVE-2006-4539.json b/2006/4xxx/CVE-2006-4539.json index def90a91b27..b6f27926579 100644 --- a/2006/4xxx/CVE-2006-4539.json +++ b/2006/4xxx/CVE-2006-4539.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-4539", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "(1) includes/widgets/module_company_tickets.php and (2) includes/widgets/module_track_tickets.php Client Support Center in Cerberus Helpdesk 3.2 Build 317, and possibly earlier, allows remote attackers to bypass security restrictions and obtain sensitive information via the ticket parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-4539", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://cerberusweb.com/cvsweb.pl/support-center/cerberus-support-center/includes/widgets/module_company_tickets.php.diff?r1=1.6;r2=1.7;f=h", - "refsource" : "MISC", - "url" : "http://cerberusweb.com/cvsweb.pl/support-center/cerberus-support-center/includes/widgets/module_company_tickets.php.diff?r1=1.6;r2=1.7;f=h" - }, - { - "name" : "http://cerberusweb.com/cvsweb.pl/support-center/cerberus-support-center/includes/widgets/module_track_tickets.php.diff?r1=1.17;r2=1.18;f=h", - "refsource" : "MISC", - "url" : 
"http://cerberusweb.com/cvsweb.pl/support-center/cerberus-support-center/includes/widgets/module_track_tickets.php.diff?r1=1.17;r2=1.18;f=h" - }, - { - "name" : "http://forum.cerberusweb.com/showthread.php?t=7671", - "refsource" : "CONFIRM", - "url" : "http://forum.cerberusweb.com/showthread.php?t=7671" - }, - { - "name" : "19797", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/19797" - }, - { - "name" : "ADV-2006-3421", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3421" - }, - { - "name" : "28317", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/28317" - }, - { - "name" : "1016976", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016976" - }, - { - "name" : "21706", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21706" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "(1) includes/widgets/module_company_tickets.php and (2) includes/widgets/module_track_tickets.php Client Support Center in Cerberus Helpdesk 3.2 Build 317, and possibly earlier, allows remote attackers to bypass security restrictions and obtain sensitive information via the ticket parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://forum.cerberusweb.com/showthread.php?t=7671", + "refsource": "CONFIRM", + "url": "http://forum.cerberusweb.com/showthread.php?t=7671" + }, + { + "name": "21706", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21706" + }, + { + "name": "1016976", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016976" + }, + { + "name": "19797", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/19797" + }, + { + "name": "http://cerberusweb.com/cvsweb.pl/support-center/cerberus-support-center/includes/widgets/module_company_tickets.php.diff?r1=1.6;r2=1.7;f=h", + "refsource": "MISC", + "url": "http://cerberusweb.com/cvsweb.pl/support-center/cerberus-support-center/includes/widgets/module_company_tickets.php.diff?r1=1.6;r2=1.7;f=h" + }, + { + "name": "http://cerberusweb.com/cvsweb.pl/support-center/cerberus-support-center/includes/widgets/module_track_tickets.php.diff?r1=1.17;r2=1.18;f=h", + "refsource": "MISC", + "url": "http://cerberusweb.com/cvsweb.pl/support-center/cerberus-support-center/includes/widgets/module_track_tickets.php.diff?r1=1.17;r2=1.18;f=h" + }, + { + "name": "ADV-2006-3421", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3421" + }, + { + "name": "28317", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/28317" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6061.json b/2006/6xxx/CVE-2006-6061.json index 355bf2ce6bf..757bb663a82 100644 --- a/2006/6xxx/CVE-2006-6061.json +++ b/2006/6xxx/CVE-2006-6061.json 
@@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6061", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "com.apple.AppleDiskImageController in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to execute arbitrary code via a malformed DMG image that triggers memory corruption. NOTE: the severity of this issue has been disputed by a third party, who states that the impact is limited to a denial of service (kernel panic) due to a vm_fault call with a non-aligned address." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6061", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://projects.info-pull.com/mokb/MOKB-20-11-2006.html", - "refsource" : "MISC", - "url" : "http://projects.info-pull.com/mokb/MOKB-20-11-2006.html" - }, - { - "name" : "http://kernelfun.blogspot.com/2006/11/more-mokb-20-11-2006-related-news.html", - "refsource" : "MISC", - "url" : "http://kernelfun.blogspot.com/2006/11/more-mokb-20-11-2006-related-news.html" - }, - { - "name" : "http://www.matasano.com/log/633/alastair-houghton-debunks-lmh-mokb-finding/", - "refsource" : "MISC", - "url" : 
"http://www.matasano.com/log/633/alastair-houghton-debunks-lmh-mokb-finding/" - }, - { - "name" : "http://alastairs-place.net/2006/11/dmg-vulnerability/", - "refsource" : "MISC", - "url" : "http://alastairs-place.net/2006/11/dmg-vulnerability/" - }, - { - "name" : "http://docs.info.apple.com/article.html?artnum=305214", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=305214" - }, - { - "name" : "APPLE-SA-2007-03-13", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html" - }, - { - "name" : "TA07-072A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA07-072A.html" - }, - { - "name" : "VU#367424", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/367424" - }, - { - "name" : "21201", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21201" - }, - { - "name" : "ADV-2006-4629", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4629" - }, - { - "name" : "ADV-2007-0930", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0930" - }, - { - "name" : "30509", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/30509" - }, - { - "name" : "1017260", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017260" - }, - { - "name" : "1017751", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1017751" - }, - { - "name" : "23012", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23012" - }, - { - "name" : "24479", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24479" - }, - { - "name" : "macosx-dmg-code-execution(30440)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30440" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"com.apple.AppleDiskImageController in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to execute arbitrary code via a malformed DMG image that triggers memory corruption. NOTE: the severity of this issue has been disputed by a third party, who states that the impact is limited to a denial of service (kernel panic) due to a vm_fault call with a non-aligned address." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://alastairs-place.net/2006/11/dmg-vulnerability/", + "refsource": "MISC", + "url": "http://alastairs-place.net/2006/11/dmg-vulnerability/" + }, + { + "name": "TA07-072A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA07-072A.html" + }, + { + "name": "APPLE-SA-2007-03-13", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=305214", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=305214" + }, + { + "name": "1017751", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1017751" + }, + { + "name": "23012", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23012" + }, + { + "name": "http://www.matasano.com/log/633/alastair-houghton-debunks-lmh-mokb-finding/", + "refsource": "MISC", + "url": "http://www.matasano.com/log/633/alastair-houghton-debunks-lmh-mokb-finding/" + }, + { + "name": "ADV-2006-4629", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4629" + }, + { + "name": "30509", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/30509" + }, + { + "name": "http://projects.info-pull.com/mokb/MOKB-20-11-2006.html", + "refsource": "MISC", + "url": "http://projects.info-pull.com/mokb/MOKB-20-11-2006.html" + }, + { + "name": "VU#367424", 
+ "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/367424" + }, + { + "name": "ADV-2007-0930", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0930" + }, + { + "name": "1017260", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017260" + }, + { + "name": "21201", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21201" + }, + { + "name": "http://kernelfun.blogspot.com/2006/11/more-mokb-20-11-2006-related-news.html", + "refsource": "MISC", + "url": "http://kernelfun.blogspot.com/2006/11/more-mokb-20-11-2006-related-news.html" + }, + { + "name": "macosx-dmg-code-execution(30440)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30440" + }, + { + "name": "24479", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24479" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6502.json b/2006/6xxx/CVE-2006-6502.json index c41c6b82853..de39ea1996a 100644 --- a/2006/6xxx/CVE-2006-6502.json +++ b/2006/6xxx/CVE-2006-6502.json 
@@ -1,327 +1,327 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6502", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in the LiveConnect bridge code for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to cause a denial of service (crash) via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2006-6502", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070102 rPSA-2006-0234-2 firefox thunderbird", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/455728/100/200/threaded" - }, - { - "name" : "20061222 rPSA-2006-0234-1 firefox", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/455145/100/0/threaded" - }, - { - "name" : "http://www.mozilla.org/security/announce/2006/mfsa2006-71.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2006/mfsa2006-71.html" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-883", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-883" - }, - { - "name" : 
"DSA-1253", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2007/dsa-1253" - }, - { - "name" : "DSA-1258", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2007/dsa-1258" - }, - { - "name" : "DSA-1265", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2007/dsa-1265" - }, - { - "name" : "FEDORA-2006-1491", - "refsource" : "FEDORA", - "url" : "http://fedoranews.org/cms/node/2297" - }, - { - "name" : "FEDORA-2007-004", - "refsource" : "FEDORA", - "url" : "http://fedoranews.org/cms/node/2338" - }, - { - "name" : "GLSA-200701-02", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200701-02.xml" - }, - { - "name" : "GLSA-200701-03", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200701-03.xml" - }, - { - "name" : "GLSA-200701-04", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200701-04.xml" - }, - { - "name" : "HPSBUX02153", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742" - }, - { - "name" : "SSRT061181", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742" - }, - { - "name" : "MDKSA-2007:010", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:010" - }, - { - "name" : "MDKSA-2007:011", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:011" - }, - { - "name" : "RHSA-2006:0758", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2006-0758.html" - }, - { - "name" : "RHSA-2006:0759", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2006-0759.html" - }, - { - "name" : "RHSA-2006:0760", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2006-0760.html" - }, - { - "name" : "20061202-01-P", - "refsource" : "SGI", - "url" : 
"ftp://patches.sgi.com/support/free/security/advisories/20061202-01-P.asc" - }, - { - "name" : "SUSE-SA:2006:080", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2006_80_mozilla.html" - }, - { - "name" : "SUSE-SA:2007:006", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2007_06_mozilla.html" - }, - { - "name" : "USN-398-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-398-1" - }, - { - "name" : "USN-398-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-398-2" - }, - { - "name" : "USN-400-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-400-1" - }, - { - "name" : "TA06-354A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA06-354A.html" - }, - { - "name" : "VU#428500", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/428500" - }, - { - "name" : "21668", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21668" - }, - { - "name" : "oval:org.mitre.oval:def:9626", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9626" - }, - { - "name" : "ADV-2006-5068", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/5068" - }, - { - "name" : "ADV-2008-0083", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0083" - }, - { - "name" : "1017411", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017411" - }, - { - "name" : "1017412", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017412" - }, - { - "name" : "1017413", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1017413" - }, - { - "name" : "23433", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23433" - }, - { - "name" : "23439", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23439" - }, - { - 
"name" : "23440", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23440" - }, - { - "name" : "23282", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23282" - }, - { - "name" : "23420", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23420" - }, - { - "name" : "23422", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23422" - }, - { - "name" : "23468", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23468" - }, - { - "name" : "23514", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23514" - }, - { - "name" : "23589", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23589" - }, - { - "name" : "23601", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23601" - }, - { - "name" : "23545", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23545" - }, - { - "name" : "23591", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23591" - }, - { - "name" : "23598", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23598" - }, - { - "name" : "23614", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23614" - }, - { - "name" : "23618", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23618" - }, - { - "name" : "23692", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23692" - }, - { - "name" : "23672", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23672" - }, - { - "name" : "23988", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23988" - }, - { - "name" : "24078", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24078" - }, - { - "name" : "24390", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/24390" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": 
[ + { + "lang": "eng", + "value": "Use-after-free vulnerability in the LiveConnect bridge code for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to cause a denial of service (crash) via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21668", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21668" + }, + { + "name": "23433", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23433" + }, + { + "name": "MDKSA-2007:010", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:010" + }, + { + "name": "23439", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23439" + }, + { + "name": "23672", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23672" + }, + { + "name": "ADV-2006-5068", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/5068" + }, + { + "name": "23468", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23468" + }, + { + "name": "23598", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23598" + }, + { + "name": "RHSA-2006:0758", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2006-0758.html" + }, + { + "name": "DSA-1265", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2007/dsa-1265" + }, + { + "name": "24078", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24078" + }, + { + "name": "23692", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23692" + }, + { + "name": "USN-398-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-398-2" + }, + { + "name": "GLSA-200701-04", + "refsource": "GENTOO", + "url": 
"http://www.gentoo.org/security/en/glsa/glsa-200701-04.xml" + }, + { + "name": "23282", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23282" + }, + { + "name": "24390", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/24390" + }, + { + "name": "1017413", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017413" + }, + { + "name": "FEDORA-2006-1491", + "refsource": "FEDORA", + "url": "http://fedoranews.org/cms/node/2297" + }, + { + "name": "23422", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23422" + }, + { + "name": "HPSBUX02153", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742" + }, + { + "name": "23591", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23591" + }, + { + "name": "1017412", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017412" + }, + { + "name": "23614", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23614" + }, + { + "name": "RHSA-2006:0759", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2006-0759.html" + }, + { + "name": "http://www.mozilla.org/security/announce/2006/mfsa2006-71.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2006/mfsa2006-71.html" + }, + { + "name": "USN-398-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-398-1" + }, + { + "name": "ADV-2008-0083", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0083" + }, + { + "name": "FEDORA-2007-004", + "refsource": "FEDORA", + "url": "http://fedoranews.org/cms/node/2338" + }, + { + "name": "23420", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23420" + }, + { + "name": "20061202-01-P", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20061202-01-P.asc" + }, + { + "name": "23440", + "refsource": "SECUNIA", + "url": 
"http://secunia.com/advisories/23440" + }, + { + "name": "SUSE-SA:2006:080", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2006_80_mozilla.html" + }, + { + "name": "20061222 rPSA-2006-0234-1 firefox", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/455145/100/0/threaded" + }, + { + "name": "23545", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23545" + }, + { + "name": "23618", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23618" + }, + { + "name": "GLSA-200701-03", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200701-03.xml" + }, + { + "name": "TA06-354A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA06-354A.html" + }, + { + "name": "oval:org.mitre.oval:def:9626", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9626" + }, + { + "name": "1017411", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1017411" + }, + { + "name": "23589", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23589" + }, + { + "name": "DSA-1253", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2007/dsa-1253" + }, + { + "name": "DSA-1258", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2007/dsa-1258" + }, + { + "name": "SSRT061181", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742" + }, + { + "name": "https://issues.rpath.com/browse/RPL-883", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-883" + }, + { + "name": "20070102 rPSA-2006-0234-2 firefox thunderbird", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/455728/100/200/threaded" + }, + { + "name": "SUSE-SA:2007:006", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2007_06_mozilla.html" + }, + { + 
"name": "23601", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23601" + }, + { + "name": "23988", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23988" + }, + { + "name": "MDKSA-2007:011", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:011" + }, + { + "name": "23514", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23514" + }, + { + "name": "GLSA-200701-02", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200701-02.xml" + }, + { + "name": "RHSA-2006:0760", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2006-0760.html" + }, + { + "name": "USN-400-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-400-1" + }, + { + "name": "VU#428500", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/428500" + } + ] + } +} \ No newline at end of file diff --git a/2006/6xxx/CVE-2006-6511.json b/2006/6xxx/CVE-2006-6511.json index bc1c0e2d2aa..40cc1ca03cd 100644 --- a/2006/6xxx/CVE-2006-6511.json +++ b/2006/6xxx/CVE-2006-6511.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-6511", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "dadaIMC .99.3 uses an insufficiently restrictive FilesMatch directive in the installed .htaccess file, which allows remote attackers to execute arbitrary PHP code by uploading files whose names contain (1) feature, (2) editor, (3) newswire, (4) otherpress, (5) admin, (6) pbook, (7) media, or (8) mod, which are processed as PHP file types (application/x-httpd-php)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-6511", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.dadaimc.org/view.php?id=191", - "refsource" : "CONFIRM", - "url" : "http://bugs.dadaimc.org/view.php?id=191" - }, - { - "name" : "ADV-2006-4977", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4977" - }, - { - "name" : "23305", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23305" - }, - { - "name" : "dadaimc-filesmatch-command-execution(30862)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30862" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "dadaIMC .99.3 uses an insufficiently restrictive FilesMatch directive in the installed .htaccess file, which allows remote attackers to execute arbitrary PHP code by uploading files whose names contain (1) feature, (2) editor, (3) newswire, (4) otherpress, (5) admin, (6) pbook, (7) media, or (8) mod, which are processed as PHP file types (application/x-httpd-php)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "23305", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23305" + }, + { + "name": "ADV-2006-4977", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4977" + }, + { + "name": "dadaimc-filesmatch-command-execution(30862)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30862" + }, + { + "name": "http://bugs.dadaimc.org/view.php?id=191", + "refsource": "CONFIRM", + "url": "http://bugs.dadaimc.org/view.php?id=191" + } + ] + } +} \ No newline at end of file diff --git a/2006/7xxx/CVE-2006-7167.json b/2006/7xxx/CVE-2006-7167.json index 41fc63c4416..2e61c6166c3 100644 --- a/2006/7xxx/CVE-2006-7167.json +++ b/2006/7xxx/CVE-2006-7167.json 
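Review bot: The new side of CVE-2006-6511.json ends at the closing `}` with no terminating newline: the `\ No newline at end of file` marker follows the added `}`, while the removed `}` line had one. Keep the final newline after `}` so that line-oriented tooling and concatenation of records treat the last line the same way as before. The same marker follows the new side of the other file sections in this diff, CVE-2006-7167 through CVE-2011-3647.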
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2006-7167", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in ProRat Server 1.9 Fix2 allows remote attackers to bypass the authentication mechanism for remote login via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-7167", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20293", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/20293" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in ProRat Server 1.9 Fix2 allows remote attackers to bypass the authentication mechanism for remote login via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20293", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/20293" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0159.json b/2011/0xxx/CVE-2011-0159.json index 365fbecc206..006e15e5cf4 100644 --- a/2011/0xxx/CVE-2011-0159.json +++ b/2011/0xxx/CVE-2011-0159.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0159", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Safari Settings feature in Safari in Apple iOS 4.x before 4.3 does not properly implement the clearing of cookies during execution of the Safari application, which might make it easier for remote web servers to track users by setting a cookie." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2011-0159", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT4564", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT4564" - }, - { - "name" : "APPLE-SA-2011-03-09-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html" - }, - { - "name" : "46810", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/46810" - }, - { - "name" : "1025182", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025182" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Safari 
Settings feature in Safari in Apple iOS 4.x before 4.3 does not properly implement the clearing of cookies during execution of the Safari application, which might make it easier for remote web servers to track users by setting a cookie." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT4564", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT4564" + }, + { + "name": "46810", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/46810" + }, + { + "name": "APPLE-SA-2011-03-09-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html" + }, + { + "name": "1025182", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025182" + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0357.json b/2011/0xxx/CVE-2011-0357.json index d36d8be49ba..69edc1a4761 100644 --- a/2011/0xxx/CVE-2011-0357.json +++ b/2011/0xxx/CVE-2011-0357.json 
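Review bot: The `ASSIGNER` value changes from `cve@mitre.org` to `product-security@apple.com` in this hunk, which otherwise appears to change only the spacing around `:` and the order of the `reference_data` entries. Because every line of the file is rewritten, this provenance change is easy to miss in a textual review. Name it in the commit description or land it separately from the formatting pass. Comparing the parsed JSON of both sides, rather than the text, would surface it as the only value that differs. The CVE-2011-1581 and CVE-2011-3588 sections carry the same kind of change, to `secalert@redhat.com`.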
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0357", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0357", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/0xxx/CVE-2011-0399.json b/2011/0xxx/CVE-2011-0399.json index daef5fb70ae..50a32e2a8ca 100644 --- a/2011/0xxx/CVE-2011-0399.json +++ b/2011/0xxx/CVE-2011-0399.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-0399", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Piwik before 1.1 does not prevent the rendering of the login form inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-0399", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://dev.piwik.org/trac/ticket/1679", - "refsource" : "CONFIRM", - "url" : "http://dev.piwik.org/trac/ticket/1679" - }, - { - "name" : "http://piwik.org/blog/2011/01/piwik-1-1-2/", - "refsource" : "CONFIRM", - "url" : "http://piwik.org/blog/2011/01/piwik-1-1-2/" - }, - { - "name" : "45787", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/45787" - }, - { - "name" : "70383", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/70383" - }, - { - "name" : "piwik-loginform-clickjacking(64640)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64640" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Piwik before 1.1 does not prevent the rendering of the login form inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "45787", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/45787" + }, + { + "name": "http://dev.piwik.org/trac/ticket/1679", + "refsource": "CONFIRM", + "url": "http://dev.piwik.org/trac/ticket/1679" + }, + { + "name": "http://piwik.org/blog/2011/01/piwik-1-1-2/", + "refsource": "CONFIRM", + "url": "http://piwik.org/blog/2011/01/piwik-1-1-2/" + }, + { + "name": "piwik-loginform-clickjacking(64640)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64640" + }, + { + "name": "70383", + "refsource": "OSVDB", + "url": "http://osvdb.org/70383" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1205.json b/2011/1xxx/CVE-2011-1205.json index 29dba9367f0..ccebc3bac56 100644 --- a/2011/1xxx/CVE-2011-1205.json +++ b/2011/1xxx/CVE-2011-1205.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1205", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in unspecified COM objects in Rational Common Licensing 7.0 through 7.1.1.4 in IBM Rational ClearCase 7.0.0.4 through 7.1.1.4, ClearQuest 7.0.0.4 through 7.1.1.4, and other products allow local users to gain privileges via a Trojan horse HTML document in the My Computer zone." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-1205", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21470998", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21470998" - }, - { - "name" : "1025269", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025269" - }, - { - "name" : "1025268", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1025268" - }, - { - "name" : "ADV-2011-0832", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0832" - }, - { - "name" : "rational-licensing-code-execution(66304)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/66304" - }, - { - "name" : "rational-licensing-code-execution(66324)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/66324" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in unspecified COM objects in Rational Common Licensing 7.0 through 7.1.1.4 in IBM Rational ClearCase 7.0.0.4 through 7.1.1.4, ClearQuest 7.0.0.4 through 7.1.1.4, and other products allow local users to gain privileges via a Trojan horse HTML document in the My Computer zone." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "rational-licensing-code-execution(66304)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66304" + }, + { + "name": "rational-licensing-code-execution(66324)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66324" + }, + { + "name": "ADV-2011-0832", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0832" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21470998", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21470998" + }, + { + "name": "1025269", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025269" + }, + { + "name": "1025268", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1025268" + } + ] + } +} \ No newline at end of file diff --git a/2011/1xxx/CVE-2011-1581.json b/2011/1xxx/CVE-2011-1581.json index 94e5ac8cdd7..b05e5f47767 100644 --- a/2011/1xxx/CVE-2011-1581.json +++ b/2011/1xxx/CVE-2011-1581.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-1581", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The bond_select_queue function in drivers/net/bonding/bond_main.c in the Linux kernel before 2.6.39, when a network device with a large number of receive queues is installed but the default tx_queues setting is used, does not properly restrict queue indexes, which allows remote attackers to cause a denial of service (BUG and system crash) or possibly have unspecified other impact by sending network traffic." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-1581", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110413 CVE request - kernel: bonding: Incorrect TX queue offset", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/04/13/4" - }, - { - "name" : "[oss-security] 20110413 Re: CVE request - kernel: bonding: Incorrect TX queue offset", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2011/04/13/16" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=fd0e435b0fe85622f167b84432552885a4856ac8", - 
"refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=fd0e435b0fe85622f167b84432552885a4856ac8" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=696029", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=696029" - }, - { - "name" : "1025558", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1025558" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The bond_select_queue function in drivers/net/bonding/bond_main.c in the Linux kernel before 2.6.39, when a network device with a large number of receive queues is installed but the default tx_queues setting is used, does not properly restrict queue indexes, which allows remote attackers to cause a denial of service (BUG and system crash) or possibly have unspecified other impact by sending network traffic." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20110413 CVE request - kernel: bonding: Incorrect TX queue offset", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/04/13/4" + }, + { + "name": "1025558", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1025558" + }, + { + "name": "[oss-security] 20110413 Re: CVE request - kernel: bonding: Incorrect TX queue offset", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2011/04/13/16" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=696029", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=696029" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=fd0e435b0fe85622f167b84432552885a4856ac8", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=fd0e435b0fe85622f167b84432552885a4856ac8" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3588.json b/2011/3xxx/CVE-2011-3588.json index affefc41e7e..38ba37db552 100644 --- a/2011/3xxx/CVE-2011-3588.json +++ b/2011/3xxx/CVE-2011-3588.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3588", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SSH configuration in the Red Hat mkdumprd script for kexec-tools, as distributed in the kexec-tools 1.x before 1.102pre-154 and 2.x before 2.0.0-209 packages in Red Hat Enterprise Linux, disables the StrictHostKeyChecking option, which allows man-in-the-middle attackers to spoof kdump servers, and obtain sensitive core information, by using an arbitrary SSH key." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-3588", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=716439", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=716439" - }, - { - "name" : "RHSA-2011:1532", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2011-1532.html" - }, - { - "name" : "RHSA-2012:0152", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-0152.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", 
+ "value": "The SSH configuration in the Red Hat mkdumprd script for kexec-tools, as distributed in the kexec-tools 1.x before 1.102pre-154 and 2.x before 2.0.0-209 packages in Red Hat Enterprise Linux, disables the StrictHostKeyChecking option, which allows man-in-the-middle attackers to spoof kdump servers, and obtain sensitive core information, by using an arbitrary SSH key." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=716439", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=716439" + }, + { + "name": "RHSA-2011:1532", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2011-1532.html" + }, + { + "name": "RHSA-2012:0152", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-0152.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3647.json b/2011/3xxx/CVE-2011-3647.json index f16b32e87a6..11496697f96 100644 --- a/2011/3xxx/CVE-2011-3647.json +++ b/2011/3xxx/CVE-2011-3647.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3647", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The JSSubScriptLoader in Mozilla Firefox before 3.6.24 and Thunderbird before 3.1.6 does not properly handle XPCNativeWrappers during calls to the loadSubScript method in an add-on, which makes it easier for remote attackers to gain privileges via a crafted web site that leverages certain unwrapping behavior, a related issue to CVE-2011-3004." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3647", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2011/mfsa2011-46.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2011/mfsa2011-46.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=680880", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=680880" - }, - { - "name" : "RHSA-2011:1439", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-1439.html" - }, - { - "name" : "SUSE-SU-2011:1256", - "refsource" : "SUSE", - "url" : 
"http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00020.html" - }, - { - "name" : "oval:org.mitre.oval:def:13550", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13550" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The JSSubScriptLoader in Mozilla Firefox before 3.6.24 and Thunderbird before 3.1.6 does not properly handle XPCNativeWrappers during calls to the loadSubScript method in an add-on, which makes it easier for remote attackers to gain privileges via a crafted web site that leverages certain unwrapping behavior, a related issue to CVE-2011-3004." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=680880", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=680880" + }, + { + "name": "RHSA-2011:1439", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-1439.html" + }, + { + "name": "http://www.mozilla.org/security/announce/2011/mfsa2011-46.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2011/mfsa2011-46.html" + }, + { + "name": "SUSE-SU-2011:1256", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00020.html" + }, + { + "name": "oval:org.mitre.oval:def:13550", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13550" + } + ] + } +} \ No newline at end of file diff --git a/2011/3xxx/CVE-2011-3747.json b/2011/3xxx/CVE-2011-3747.json index 80a45e839a7..2dec7de01fd 100644 --- a/2011/3xxx/CVE-2011-3747.json +++ b/2011/3xxx/CVE-2011-3747.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-3747", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Joomla! 1.6.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by libraries/phpmailer/language/phpmailer.lang-joomla.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-3747", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/06/27/6" - }, - { - "name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", - "refsource" : "MISC", - "url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" - }, - { - "name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/joomla-1.6.0", - "refsource" : "MISC", - "url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/joomla-1.6.0" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", 
+ "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Joomla! 1.6.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by libraries/phpmailer/language/phpmailer.lang-joomla.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/06/27/6" + }, + { + "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", + "refsource": "MISC", + "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" + }, + { + "name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/joomla-1.6.0", + "refsource": "MISC", + "url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/joomla-1.6.0" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4132.json b/2011/4xxx/CVE-2011-4132.json index ba8558835c9..b4aa7f675ff 100644 --- a/2011/4xxx/CVE-2011-4132.json +++ b/2011/4xxx/CVE-2011-4132.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4132", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The cleanup_journal_tail function in the Journaling Block Device (JBD) functionality in the Linux kernel 2.6 allows local users to cause a denial of service (assertion error and kernel oops) via an ext3 or ext4 image with an \"invalid log first block value.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-4132", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20111111 CVE Request -- kernel: jbd/jbd2: invalid value of first log block leads to oops", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/11/11/6" - }, - { - "name" : "[oss-security] 20111113 Re: CVE Request -- kernel: jbd/jbd2: invalid value of first log block leads to oops", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/11/13/4" - }, - { - "name" : "http://xorl.wordpress.com/2011/12/08/cve-2011-4132-linux-kernel-jbdjbd2-local-dos/", - "refsource" : "MISC", - "url" : "http://xorl.wordpress.com/2011/12/08/cve-2011-4132-linux-kernel-jbdjbd2-local-dos/" - }, - { - 
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=8762202dd0d6e46854f786bdb6fb3780a1625efe", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=8762202dd0d6e46854f786bdb6fb3780a1625efe" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=753341", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=753341" - }, - { - "name" : "SUSE-SU-2015:0812", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html" - }, - { - "name" : "SUSE-SU-2012:0554", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00021.html" - }, - { - "name" : "50663", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/50663" - }, - { - "name" : "1026325", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1026325" - }, - { - "name" : "48898", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48898" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The cleanup_journal_tail function in the Journaling Block Device (JBD) functionality in the Linux kernel 2.6 allows local users to cause a denial of service (assertion error and kernel oops) via an ext3 or ext4 image with an \"invalid log first block value.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2012:0554", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00021.html" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=8762202dd0d6e46854f786bdb6fb3780a1625efe", + "refsource": 
"CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=8762202dd0d6e46854f786bdb6fb3780a1625efe" + }, + { + "name": "48898", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48898" + }, + { + "name": "1026325", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1026325" + }, + { + "name": "50663", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/50663" + }, + { + "name": "[oss-security] 20111111 CVE Request -- kernel: jbd/jbd2: invalid value of first log block leads to oops", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/11/11/6" + }, + { + "name": "http://xorl.wordpress.com/2011/12/08/cve-2011-4132-linux-kernel-jbdjbd2-local-dos/", + "refsource": "MISC", + "url": "http://xorl.wordpress.com/2011/12/08/cve-2011-4132-linux-kernel-jbdjbd2-local-dos/" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=753341", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=753341" + }, + { + "name": "[oss-security] 20111113 Re: CVE Request -- kernel: jbd/jbd2: invalid value of first log block leads to oops", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/11/13/4" + }, + { + "name": "SUSE-SU-2015:0812", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html" + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4314.json b/2011/4xxx/CVE-2011-4314.json index 38d192bef5c..ade4840e637 100644 --- a/2011/4xxx/CVE-2011-4314.json +++ b/2011/4xxx/CVE-2011-4314.json 
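Review bot: The `ASSIGNER` value changes from `cve@mitre.org` to `secalert@redhat.com` at the top of this hunk, while every other line only tightens colon spacing, re-indents, or reorders `reference_data`. That is the one change here that alters what the record states (which organisation is recorded as the assigner), and it is easy to miss among the formatting churn. The same pattern appears in the hunks for CVE-2011-4314 (`secalert@redhat.com`), CVE-2013-5184 (`product-security@apple.com`), CVE-2013-5562 (`psirt@cisco.com`) and CVE-2013-5838 (`secalert_us@oracle.com`), all of which keep `vendor_name` and `product_name` at `n/a`. I would land the attribution change separately from the reformat, or at least name it in the commit message, so that consumers keying on `ASSIGNER` can audit it.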
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4314", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "message/ax/AxMessage.java in OpenID4Java before 0.9.6 final, as used in JBoss Enterprise Application Platform 5.1 before 5.1.2, Step2, Kay Framework before 1.0.2, and possibly other products does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify potentially sensitive AX information without detection via a man-in-the-middle (MITM) attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2011-4314", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20111116 CVE Request: openid4java not properly verifying the signature of Attribute Exchange (AX) information", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/11/16/1" - }, - { - "name" : "[oss-security] 20111116 Re: CVE Request: openid4java not properly verifying the signature of Attribute Exchange (AX) information", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2011/11/17/1" - }, - { - "name" : 
"http://openid.net/2011/05/05/attribute-exchange-security-alert/", - "refsource" : "CONFIRM", - "url" : "http://openid.net/2011/05/05/attribute-exchange-security-alert/" - }, - { - "name" : "https://issues.jboss.org/browse/JBEPP-1368", - "refsource" : "CONFIRM", - "url" : "https://issues.jboss.org/browse/JBEPP-1368" - }, - { - "name" : "https://issues.jboss.org/browse/SOA-3597", - "refsource" : "CONFIRM", - "url" : "https://issues.jboss.org/browse/SOA-3597" - }, - { - "name" : "RHSA-2011:1804", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-1804.html" - }, - { - "name" : "RHSA-2012:0441", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-0441.html" - }, - { - "name" : "RHSA-2012:0519", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-0519.html" - }, - { - "name" : "1026400", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1026400" - }, - { - "name" : "44496", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/44496" - }, - { - "name" : "48697", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48697" - }, - { - "name" : "48954", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48954" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "message/ax/AxMessage.java in OpenID4Java before 0.9.6 final, as used in JBoss Enterprise Application Platform 5.1 before 5.1.2, Step2, Kay Framework before 1.0.2, and possibly other products does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify potentially sensitive AX information without detection via a man-in-the-middle (MITM) attack." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2011:1804", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-1804.html" + }, + { + "name": "44496", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/44496" + }, + { + "name": "http://openid.net/2011/05/05/attribute-exchange-security-alert/", + "refsource": "CONFIRM", + "url": "http://openid.net/2011/05/05/attribute-exchange-security-alert/" + }, + { + "name": "RHSA-2012:0519", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-0519.html" + }, + { + "name": "48954", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48954" + }, + { + "name": "RHSA-2012:0441", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-0441.html" + }, + { + "name": "[oss-security] 20111116 CVE Request: openid4java not properly verifying the signature of Attribute Exchange (AX) information", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/11/16/1" + }, + { + "name": "https://issues.jboss.org/browse/SOA-3597", + "refsource": "CONFIRM", + "url": "https://issues.jboss.org/browse/SOA-3597" + }, + { + "name": "https://issues.jboss.org/browse/JBEPP-1368", + "refsource": "CONFIRM", + "url": "https://issues.jboss.org/browse/JBEPP-1368" + }, + { + "name": "1026400", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1026400" + }, + { + "name": "[oss-security] 20111116 Re: CVE Request: openid4java not properly verifying the signature of Attribute Exchange (AX) information", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2011/11/17/1" + }, + { + "name": "48697", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48697" + } + ] + } +} \ No newline at end of file 
diff --git a/2011/4xxx/CVE-2011-4645.json b/2011/4xxx/CVE-2011-4645.json index 6cd6b81e3a0..6e4aa57a851 100644 --- a/2011/4xxx/CVE-2011-4645.json +++ b/2011/4xxx/CVE-2011-4645.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4645", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4645", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4706.json b/2011/4xxx/CVE-2011-4706.json index fddc9bf8e5c..f5add018522 100644 --- a/2011/4xxx/CVE-2011-4706.json +++ b/2011/4xxx/CVE-2011-4706.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4706", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4706", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2011/4xxx/CVE-2011-4899.json b/2011/4xxx/CVE-2011-4899.json index 1e9f872a5b8..f2933579d8e 100644 --- a/2011/4xxx/CVE-2011-4899.json +++ b/2011/4xxx/CVE-2011-4899.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2011-4899", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier does not ensure that the specified MySQL database service is appropriate, which allows remote attackers to configure an arbitrary database via the dbhost and dbname parameters, and subsequently conduct static code injection and cross-site scripting (XSS) attacks via (1) an HTTP request or (2) a MySQL query. NOTE: the vendor disputes the significance of this issue; however, remote code execution makes the issue important in many realistic environments." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2011-4899", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120124 TWSL2012-002: Multiple Vulnerabilities in WordPress", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-01/0150.html" - }, - { - "name" : "18417", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18417" - }, - { - "name" : "https://www.trustwave.com/spiderlabs/advisories/TWSL2012-002.txt", - "refsource" : "MISC", - "url" : "https://www.trustwave.com/spiderlabs/advisories/TWSL2012-002.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier does not ensure that the specified MySQL database service is appropriate, which allows remote attackers to configure an arbitrary database via the dbhost and dbname parameters, and subsequently conduct static code injection and cross-site scripting (XSS) attacks via (1) an HTTP request or (2) a MySQL query. NOTE: the vendor disputes the significance of this issue; however, remote code execution makes the issue important in many realistic environments." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18417", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18417" + }, + { + "name": "https://www.trustwave.com/spiderlabs/advisories/TWSL2012-002.txt", + "refsource": "MISC", + "url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2012-002.txt" + }, + { + "name": "20120124 TWSL2012-002: Multiple Vulnerabilities in WordPress", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0150.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5184.json b/2013/5xxx/CVE-2013-5184.json index 4bf48b3c25c..e74535350cd 100644 --- a/2013/5xxx/CVE-2013-5184.json +++ b/2013/5xxx/CVE-2013-5184.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5184", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The kernel in Apple Mac OS X before 10.9 does not properly check for errors during the processing of multicast Wi-Fi packets, which allows remote attackers to cause a denial of service (system crash) by leveraging presence in an 802.11 network's coverage area." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2013-5184", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2013-10-22-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The kernel in Apple Mac OS X before 10.9 does not properly check for errors during the processing of multicast Wi-Fi packets, which allows remote attackers to cause a denial of service (system crash) by leveraging presence in an 802.11 network's coverage area." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2013-10-22-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5200.json b/2013/5xxx/CVE-2013-5200.json index ce4d9dc9d58..74d8cd95666 100644 --- a/2013/5xxx/CVE-2013-5200.json +++ b/2013/5xxx/CVE-2013-5200.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5200", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The (1) REST and (2) memcache interfaces in the Hazelcast cluster API in Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 do not require authentication, which allows remote attackers to obtain sensitive information or modify data via an API call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5200", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130910 Open-Xchange Security Advisory 2013-09-10", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2013-09/0032.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The (1) REST and (2) memcache interfaces in the Hazelcast cluster API in Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 do not require authentication, which allows remote attackers to obtain sensitive information or modify data via an API call." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20130910 Open-Xchange Security Advisory 2013-09-10", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2013-09/0032.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5255.json b/2013/5xxx/CVE-2013-5255.json index 66b03d12c91..1dede003eb4 100644 --- a/2013/5xxx/CVE-2013-5255.json +++ b/2013/5xxx/CVE-2013-5255.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5255", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-5255", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5562.json b/2013/5xxx/CVE-2013-5562.json index 7935e28d3ee..85a5f25ba80 100644 --- a/2013/5xxx/CVE-2013-5562.json +++ b/2013/5xxx/CVE-2013-5562.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5562", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ITM web server in Cisco Prime Central for Hosted Collaboration Solution (HCS) allows remote attackers to cause a denial of service (temporary HTTP service outage) via a flood of TCP packets, aka Bug ID CSCuh36313." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2013-5562", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20131104 Cisco Prime Central For Hosted Collaboration Solution Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5562" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ITM web server in Cisco Prime Central for Hosted Collaboration Solution (HCS) allows remote attackers to cause a denial of service (temporary HTTP service outage) via a flood of TCP packets, aka Bug ID CSCuh36313." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20131104 Cisco Prime Central For Hosted Collaboration Solution Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5562" + } + ] + } +} \ No newline at end of file diff --git a/2013/5xxx/CVE-2013-5838.json b/2013/5xxx/CVE-2013-5838.json index 698d9596db3..024a69ab061 100644 --- a/2013/5xxx/CVE-2013-5838.json +++ b/2013/5xxx/CVE-2013-5838.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-5838", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Java SE 7u25 and earlier, and Java SE Embedded 7u25 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-5838", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21655201", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21655201" - }, - { - "name" : "HPSBUX02944", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=138674073720143&w=2" - }, - { - "name" : "RHSA-2013:1440", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1440.html" - }, - { - "name" : "RHSA-2013:1447", - "refsource" : "REDHAT", - "url" : 
"http://rhn.redhat.com/errata/RHSA-2013-1447.html" - }, - { - "name" : "RHSA-2013:1451", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1451.html" - }, - { - "name" : "RHSA-2013:1507", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1507.html" - }, - { - "name" : "SUSE-SU-2013:1677", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00013.html" - }, - { - "name" : "63131", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/63131" - }, - { - "name" : "98536", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/98536" - }, - { - "name" : "oval:org.mitre.oval:def:19141", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19141" - }, - { - "name" : "56338", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/56338" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Java SE 7u25 and earlier, and Java SE Embedded 7u25 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2013:1447", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1447.html" + }, + { + "name": "RHSA-2013:1440", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1440.html" + }, + { + "name": "SUSE-SU-2013:1677", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00013.html" + }, + { + "name": "oval:org.mitre.oval:def:19141", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19141" + }, + { + "name": "HPSBUX02944", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=138674073720143&w=2" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21655201", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21655201" + }, + { + "name": "98536", + "refsource": "OSVDB", + "url": "http://osvdb.org/98536" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html" + }, + { + "name": "RHSA-2013:1507", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1507.html" + }, + { + "name": "56338", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/56338" + }, + { + "name": "RHSA-2013:1451", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1451.html" + }, + { + "name": "63131", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/63131" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2276.json b/2014/2xxx/CVE-2014-2276.json index a4eddcf4683..4fb73f65205 100644 --- a/2014/2xxx/CVE-2014-2276.json +++ b/2014/2xxx/CVE-2014-2276.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2276", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The FileUploadController servlet in EMC Connectrix Manager Converged Network Edition (CMCNE) before 12.1.5 does not properly restrict additions to the Connectrix Manager repository, which allows remote attackers to obtain sensitive information by importing a crafted firmware file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2276", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20140318 ESA-2014-018: EMC Connectrix Manager Converged Network Edition Information Disclosure Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2014-03/0115.html" - }, - { - "name" : "66308", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/66308" - }, - { - "name" : "1029939", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029939" - }, - { - "name" : "57513", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57513" - }, - { - "name" : "connectrix-cve20142276-info-disc(91987)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/91987" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The FileUploadController servlet in EMC Connectrix Manager Converged Network Edition (CMCNE) before 12.1.5 does not properly restrict additions to the Connectrix Manager repository, which allows remote attackers to obtain sensitive information by importing a crafted firmware file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1029939", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029939" + }, + { + "name": "57513", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57513" + }, + { + "name": "66308", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/66308" + }, + { + "name": "connectrix-cve20142276-info-disc(91987)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91987" + }, + { + "name": "20140318 ESA-2014-018: EMC Connectrix Manager Converged Network Edition Information Disclosure Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2014-03/0115.html" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2281.json b/2014/2xxx/CVE-2014-2281.json index 03e34255104..75668dc9b6d 100644 --- a/2014/2xxx/CVE-2014-2281.json +++ b/2014/2xxx/CVE-2014-2281.json 
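Review bot: The `reference_data` array in CVE-2014-2276.json is reordered (SECTRACK, SECUNIA, BID, XF, BUGTRAQ instead of BUGTRAQ, BID, SECTRACK, SECUNIA, XF) with no entry added or removed, and the new order is not sorted by `refsource`, `name` or `url`. Array order is significant in JSON, so a consumer that hashes or diffs these records sees a change although the advisory content is identical; the serializer should emit references in one stable order, for example sorted by `refsource` and then `name`. The new side also ends with `\ No newline at end of file`, while the old side carries no such marker, so the trailing newline appears to have been dropped and should be written back. The reordering recurs in the hunks for CVE-2014-2281, CVE-2014-2783, CVE-2014-2823, CVE-2014-6004, CVE-2014-6007, CVE-2014-6137 and CVE-2014-6891, and the missing newline is in every file of this chunk.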
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2281", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The nfs_name_snoop_add_name function in epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 does not validate a certain length value, which allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted NFS packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2281", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-nfs.c?r1=54875&r2=54874&pathrev=54875", - "refsource" : "CONFIRM", - "url" : "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-nfs.c?r1=54875&r2=54874&pathrev=54875" - }, - { - "name" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=54875", - "refsource" : "CONFIRM", - "url" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=54875" - }, - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2014-01.html", - "refsource" : "CONFIRM", - "url" : 
"http://www.wireshark.org/security/wnpa-sec-2014-01.html" - }, - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9672", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9672" - }, - { - "name" : "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark10", - "refsource" : "CONFIRM", - "url" : "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark10" - }, - { - "name" : "DSA-2871", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2871" - }, - { - "name" : "RHSA-2014:0341", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0341.html" - }, - { - "name" : "RHSA-2014:0342", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0342.html" - }, - { - "name" : "openSUSE-SU-2014:0382", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-03/msg00046.html" - }, - { - "name" : "openSUSE-SU-2014:0383", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-03/msg00047.html" - }, - { - "name" : "1029907", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029907" - }, - { - "name" : "57480", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57480" - }, - { - "name" : "57489", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57489" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The nfs_name_snoop_add_name function in epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 does not validate a certain length value, which allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted NFS packet." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "57489", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57489" + }, + { + "name": "RHSA-2014:0341", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0341.html" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9672", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9672" + }, + { + "name": "57480", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57480" + }, + { + "name": "http://www.wireshark.org/security/wnpa-sec-2014-01.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2014-01.html" + }, + { + "name": "openSUSE-SU-2014:0382", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00046.html" + }, + { + "name": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark10", + "refsource": "CONFIRM", + "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark10" + }, + { + "name": "1029907", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029907" + }, + { + "name": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=54875", + "refsource": "CONFIRM", + "url": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=54875" + }, + { + "name": "openSUSE-SU-2014:0383", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00047.html" + }, + { + "name": "DSA-2871", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2871" + }, + { + "name": "RHSA-2014:0342", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0342.html" + }, + { + "name": 
"http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-nfs.c?r1=54875&r2=54874&pathrev=54875", + "refsource": "CONFIRM", + "url": "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-nfs.c?r1=54875&r2=54874&pathrev=54875" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2547.json b/2014/2xxx/CVE-2014-2547.json index b97c535f152..e1cc3edcc78 100644 --- a/2014/2xxx/CVE-2014-2547.json +++ b/2014/2xxx/CVE-2014-2547.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2547", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2547", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2783.json b/2014/2xxx/CVE-2014-2783.json index 7a4d02e595d..69585a3eb33 100644 --- a/2014/2xxx/CVE-2014-2783.json +++ b/2014/2xxx/CVE-2014-2783.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2783", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 7 through 11 does not prevent use of wildcard EV SSL certificates, which might allow remote attackers to spoof a trust level by leveraging improper issuance of a wildcard certificate by a recognized Certification Authority, aka \"Extended Validation (EV) Certificate Security Feature Bypass Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-2783", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS14-037", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-037" - }, - { - "name" : "68391", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/68391" - }, - { - "name" : "1030532", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030532" - }, - { - "name" : "59775", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/59775" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": 
[ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 7 through 11 does not prevent use of wildcard EV SSL certificates, which might allow remote attackers to spoof a trust level by leveraging improper issuance of a wildcard certificate by a recognized Certification Authority, aka \"Extended Validation (EV) Certificate Security Feature Bypass Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS14-037", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-037" + }, + { + "name": "68391", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/68391" + }, + { + "name": "59775", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/59775" + }, + { + "name": "1030532", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030532" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2823.json b/2014/2xxx/CVE-2014-2823.json index 33162f6a575..99cbbbec15a 100644 --- a/2014/2xxx/CVE-2014-2823.json +++ b/2014/2xxx/CVE-2014-2823.json 
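Review bot: `ASSIGNER` changes from `cve@mitre.org` to `secure@microsoft.com` in CVE-2014-2783.json inside what is otherwise a whitespace and ordering change, so a consumer that attributes records by assigner gets a real data change that is easy to miss in this diff. The `affects` block still carries `"vendor_name": "n/a"`, `"product_name": "n/a"` and `"version_value": "n/a"` although the description names Microsoft Internet Explorer 7 through 11, which leaves automated matching against an asset inventory with nothing to match on. Filling those fields from the description, or at least landing the assigner update separately from the reformat, would make the record easier to audit. The same assigner change appears in the hunks for CVE-2014-2823 (`secure@microsoft.com`), CVE-2014-6004, CVE-2014-6007 and CVE-2014-6891 (`cert@cert.org`) and CVE-2014-6137 (`psirt@us.ibm.com`).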
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2823", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2810, CVE-2014-2811, CVE-2014-2822, and CVE-2014-4057." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2014-2823", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS14-051", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-051" - }, - { - "name" : "69119", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/69119" - }, - { - "name" : "1030715", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030715" - }, - { - "name" : "60670", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/60670" - }, - { - "name" : "ms-ie-cve20142823-code-exec(94980)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94980" - } - ] - } -} 
+ } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-2810, CVE-2014-2811, CVE-2014-2822, and CVE-2014-4057." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ms-ie-cve20142823-code-exec(94980)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94980" + }, + { + "name": "1030715", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030715" + }, + { + "name": "MS14-051", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-051" + }, + { + "name": "60670", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/60670" + }, + { + "name": "69119", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/69119" + } + ] + } +} \ No newline at end of file diff --git a/2014/2xxx/CVE-2014-2902.json b/2014/2xxx/CVE-2014-2902.json index d1a36fb7c20..7b1ecc7b3c9 100644 --- a/2014/2xxx/CVE-2014-2902.json +++ b/2014/2xxx/CVE-2014-2902.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-2902", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-2902", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6004.json b/2014/6xxx/CVE-2014-6004.json index 75b0c203073..6e511a322da 100644 --- a/2014/6xxx/CVE-2014-6004.json +++ b/2014/6xxx/CVE-2014-6004.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6004", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Pocket Cam Photo Editor (aka mobi.pocketcam.editor) application 3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6004", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#913553", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/913553" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Pocket Cam Photo Editor (aka 
mobi.pocketcam.editor) application 3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#913553", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/913553" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6007.json b/2014/6xxx/CVE-2014-6007.json index e21d7000007..a995a489c2b 100644 --- a/2014/6xxx/CVE-2014-6007.json +++ b/2014/6xxx/CVE-2014-6007.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6007", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The LikeHero Get Instagram Likes (aka com.fraoula.likehero) application 1.0.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6007", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#816137", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/816137" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The LikeHero Get Instagram Likes 
(aka com.fraoula.likehero) application 1.0.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#816137", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/816137" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6137.json b/2014/6xxx/CVE-2014-6137.json index 449ea8e18a6..e91d23e8cbf 100644 --- a/2014/6xxx/CVE-2014-6137.json +++ b/2014/6xxx/CVE-2014-6137.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6137", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Relay Diagnostic page in IBM Tivoli Endpoint Manager 9.1 before 9.1.1229 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2014-6137", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21692516", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21692516" - }, - { - "name" : "72559", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/72559" - }, - { - "name" : "ibm-endpointmanager-cve20146137-xss(96817)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96817" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Relay Diagnostic page in IBM Tivoli Endpoint Manager 9.1 before 9.1.1229 
allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-endpointmanager-cve20146137-xss(96817)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96817" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21692516", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21692516" + }, + { + "name": "72559", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/72559" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6201.json b/2014/6xxx/CVE-2014-6201.json index c0a37f9b93e..a7ccf786b25 100644 --- a/2014/6xxx/CVE-2014-6201.json +++ b/2014/6xxx/CVE-2014-6201.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6201", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-6201", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2014/6xxx/CVE-2014-6891.json b/2014/6xxx/CVE-2014-6891.json index 679c28d55ae..7756c073d90 100644 --- a/2014/6xxx/CVE-2014-6891.json +++ b/2014/6xxx/CVE-2014-6891.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6891", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Vodafone Avantaj Cepte (aka com.vodafone.avantajcepte.main) application 1.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6891", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - }, - { - "name" : "VU#589977", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/589977" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Vodafone Avantaj Cepte (aka 
com.vodafone.avantajcepte.main) application 1.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#589977", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/589977" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/6xxx/CVE-2014-6963.json b/2014/6xxx/CVE-2014-6963.json index 7caacb01081..b4b04e573eb 100644 --- a/2014/6xxx/CVE-2014-6963.json +++ b/2014/6xxx/CVE-2014-6963.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-6963", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The feiron (aka es.sw.feironmobile.app) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-6963", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#269921", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/269921" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The feiron (aka es.sw.feironmobile.app) application 1.1 
for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#269921", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/269921" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7188.json b/2014/7xxx/CVE-2014-7188.json index ceff4bcb599..0dc8d78e24f 100644 --- a/2014/7xxx/CVE-2014-7188.json +++ b/2014/7xxx/CVE-2014-7188.json 
@@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7188", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The hvm_msr_read_intercept function in arch/x86/hvm/hvm.c in Xen 4.1 through 4.4.x uses an improper MSR range for x2APIC emulation, which allows local HVM guests to cause a denial of service (host crash) or read data from the hypervisor or other guests via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-7188", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.c7zero.info/stuff/csw2017_ExploringYourSystemDeeper_updated.pdf", - "refsource" : "MISC", - "url" : "http://www.c7zero.info/stuff/csw2017_ExploringYourSystemDeeper_updated.pdf" - }, - { - "name" : "http://xenbits.xen.org/xsa/advisory-108.html", - "refsource" : "CONFIRM", - "url" : "http://xenbits.xen.org/xsa/advisory-108.html" - }, - { - "name" : "http://support.citrix.com/article/CTX200218", - "refsource" : "CONFIRM", - "url" : "http://support.citrix.com/article/CTX200218" - }, - { - "name" : "http://support.citrix.com/article/CTX201794", - "refsource" : "CONFIRM", - "url" : "http://support.citrix.com/article/CTX201794" - }, - { 
- "name" : "DSA-3041", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-3041" - }, - { - "name" : "FEDORA-2014-12002", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140199.html" - }, - { - "name" : "FEDORA-2014-12000", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140483.html" - }, - { - "name" : "FEDORA-2014-12036", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140418.html" - }, - { - "name" : "GLSA-201412-42", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201412-42.xml" - }, - { - "name" : "openSUSE-SU-2014:1279", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00002.html" - }, - { - "name" : "openSUSE-SU-2014:1281", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00003.html" - }, - { - "name" : "70198", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/70198" - }, - { - "name" : "1030936", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1030936" - }, - { - "name" : "61664", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61664" - }, - { - "name" : "61858", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61858" - }, - { - "name" : "61890", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/61890" - }, - { - "name" : "xen-cve20147188-dos(96785)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96785" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The hvm_msr_read_intercept function in arch/x86/hvm/hvm.c in Xen 4.1 through 4.4.x uses an improper MSR range for x2APIC 
emulation, which allows local HVM guests to cause a denial of service (host crash) or read data from the hypervisor or other guests via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2014:1281", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00003.html" + }, + { + "name": "FEDORA-2014-12000", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140483.html" + }, + { + "name": "http://support.citrix.com/article/CTX201794", + "refsource": "CONFIRM", + "url": "http://support.citrix.com/article/CTX201794" + }, + { + "name": "openSUSE-SU-2014:1279", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00002.html" + }, + { + "name": "http://support.citrix.com/article/CTX200218", + "refsource": "CONFIRM", + "url": "http://support.citrix.com/article/CTX200218" + }, + { + "name": "FEDORA-2014-12002", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140199.html" + }, + { + "name": "http://www.c7zero.info/stuff/csw2017_ExploringYourSystemDeeper_updated.pdf", + "refsource": "MISC", + "url": "http://www.c7zero.info/stuff/csw2017_ExploringYourSystemDeeper_updated.pdf" + }, + { + "name": "1030936", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1030936" + }, + { + "name": "http://xenbits.xen.org/xsa/advisory-108.html", + "refsource": "CONFIRM", + "url": "http://xenbits.xen.org/xsa/advisory-108.html" + }, + { + "name": "FEDORA-2014-12036", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140418.html" + }, + { + "name": "61664", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61664" + }, + { + "name": 
"DSA-3041", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-3041" + }, + { + "name": "61858", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61858" + }, + { + "name": "61890", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/61890" + }, + { + "name": "GLSA-201412-42", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201412-42.xml" + }, + { + "name": "xen-cve20147188-dos(96785)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96785" + }, + { + "name": "70198", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/70198" + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7601.json b/2014/7xxx/CVE-2014-7601.json index f457b5fc276..93a4595536a 100644 --- a/2014/7xxx/CVE-2014-7601.json +++ b/2014/7xxx/CVE-2014-7601.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7601", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-7601", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2014/7xxx/CVE-2014-7605.json b/2014/7xxx/CVE-2014-7605.json index 67645c942dc..97925503782 100644 
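Review bot: The 17 `reference_data` entries in the CVE-2014-7188 hunk are identical on both sides but come back in a different order: the old side groups them by `refsource` (MISC, CONFIRM, DEBIAN, FEDORA, …) and the new side interleaves them with no visible sort key. If the writer does not emit a stable order (this cannot be confirmed from the diff), each regeneration will produce churn like this, and a genuinely added or removed advisory link would be hidden in it. Sorting on `refsource` and then `name` before serialising would keep later diffs limited to real changes. The new side also ends with `\ No newline at end of file`, here and in the other files of this commit; writing a final newline avoids that marker on the next edit.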
--- a/2014/7xxx/CVE-2014-7605.json +++ b/2014/7xxx/CVE-2014-7605.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2014-7605", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Actors Key (aka com.conduit.app_f83daeb6861b401bb103c33ea4210029.app) application 1.6.24.477 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2014-7605", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" - }, - { - "name" : "VU#387137", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/387137" - }, - { - "name" : "VU#582497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Actors Key 
(aka com.conduit.app_f83daeb6861b401bb103c33ea4210029.app) application 1.6.24.477 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#387137", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/387137" + }, + { + "name": "VU#582497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582497" + }, + { + "name": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0149.json b/2017/0xxx/CVE-2017-0149.json index 2f851bdec66..ed82b6fb563 100644 --- a/2017/0xxx/CVE-2017-0149.json +++ b/2017/0xxx/CVE-2017-0149.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-0149", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Internet Explorer", - "version" : { - "version_data" : [ - { - "version_value" : "Internet Explorer 9 through 11" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 9 through 11 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\" This vulnerability is different from those described in CVE-2017-0018 and CVE-2017-0037." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-0149", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Internet Explorer", + "version": { + "version_data": [ + { + "version_value": "Internet Explorer 9 through 11" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0149", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0149" - }, - { - "name" : "96724", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96724" - }, - { - "name" : "1038008", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038008" - } - ] - } -} + } + }, + "data_format": 
"MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 9 through 11 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\" This vulnerability is different from those described in CVE-2017-0018 and CVE-2017-0037." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0149", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0149" + }, + { + "name": "96724", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96724" + }, + { + "name": "1038008", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038008" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0311.json b/2017/0xxx/CVE-2017-0311.json index 27b7a3517cc..02cb5c45d12 100644 --- a/2017/0xxx/CVE-2017-0311.json +++ b/2017/0xxx/CVE-2017-0311.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@nvidia.com", - "ID" : "CVE-2017-0311", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "GPU Display Driver", - "version" : { - "version_data" : [ - { - "version_value" : "Only affects R378" - } - ] - } - } - ] - }, - "vendor_name" : "Nvidia Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NVIDIA GPU Display Driver R378 contains a vulnerability in the kernel mode layer handler where improper access control may lead to denial of service or possible escalation of privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service, Escalation of Privileges" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@nvidia.com", + "ID": "CVE-2017-0311", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "GPU Display Driver", + "version": { + "version_data": [ + { + "version_value": "Only affects R378" + } + ] + } + } + ] + }, + "vendor_name": "Nvidia Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4398", - "refsource" : "CONFIRM", - "url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4398" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NVIDIA GPU Display Driver R378 contains a vulnerability in the kernel mode layer handler where improper access control may lead to denial of service or possible escalation of privileges." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service, Escalation of Privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4398", + "refsource": "CONFIRM", + "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4398" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0708.json b/2017/0xxx/CVE-2017-0708.json index 05e58bd8091..b92bd7a7d96 100644 --- a/2017/0xxx/CVE-2017-0708.json +++ b/2017/0xxx/CVE-2017-0708.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2017-07-05T00:00:00", - "ID" : "CVE-2017-0708", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A information disclosure vulnerability in the HTC sound driver. Product: Android. Versions: Android kernel. Android ID: A-35384879." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2017-07-05T00:00:00", + "ID": "CVE-2017-0708", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-07-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-07-01" - }, - { - "name" : "99474", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99474" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A information disclosure vulnerability in the HTC sound driver. Product: Android. Versions: Android kernel. Android ID: A-35384879." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-07-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-07-01" + }, + { + "name": "99474", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99474" + } + ] + } +} \ No newline at end of file diff --git a/2017/0xxx/CVE-2017-0742.json b/2017/0xxx/CVE-2017-0742.json index 4cc1e91c5c7..c8596a49205 100644 --- a/2017/0xxx/CVE-2017-0742.json +++ b/2017/0xxx/CVE-2017-0742.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2017-08-07T00:00:00", - "ID" : "CVE-2017-0742", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A elevation of privilege vulnerability in the MediaTek video driver. Product: Android. Versions: Android kernel. Android ID: A-36074857. References: M-ALPS03275524." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2017-08-07T00:00:00", + "ID": "CVE-2017-0742", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-08-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-08-01" - }, - { - "name" : "100209", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100209" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A elevation of privilege vulnerability in the MediaTek video driver. Product: Android. Versions: Android kernel. Android ID: A-36074857. References: M-ALPS03275524." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "100209", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100209" + }, + { + "name": "https://source.android.com/security/bulletin/2017-08-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-08-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/1000xxx/CVE-2017-1000386.json b/2017/1000xxx/CVE-2017-1000386.json index 377fa3daeed..af851d26d60 100644 --- a/2017/1000xxx/CVE-2017-1000386.json +++ b/2017/1000xxx/CVE-2017-1000386.json 
@@ -1,69 +1,69 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-11-17", - "ID" : "CVE-2017-1000386", - "REQUESTER" : "ml@beckweb.net", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Jenkins Active Choices Plugin", - "version" : { - "version_data" : [ - { - "version_value" : "1.5.3 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Jenkins Active Choices Plugin" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Jenkins Active Choices plugin version 1.5.3 and earlier allowed users with Job/Configure permission to provide arbitrary HTML to be shown on the 'Build With Parameters' page through the 'Active Choices Reactive Reference Parameter' type. This could include, for example, arbitrary JavaScript. Active Choices now sanitizes the HTML inserted on the 'Build With Parameters' page if and only if the script is executed in a sandbox. As unsandboxed scripts are subject to administrator approval, it is up to the administrator to allow or disallow problematic script output." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2017-11-17", + "ID": "CVE-2017-1000386", + "REQUESTER": "ml@beckweb.net", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jenkins.io/security/advisory/2017-10-23/", - "refsource" : "CONFIRM", - "url" : "https://jenkins.io/security/advisory/2017-10-23/" - }, - { - "name" : "101538", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101538" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Jenkins Active Choices plugin version 1.5.3 and earlier allowed users with Job/Configure permission to provide arbitrary HTML to be shown on the 'Build With Parameters' page through the 'Active Choices Reactive Reference Parameter' type. This could include, for example, arbitrary JavaScript. Active Choices now sanitizes the HTML inserted on the 'Build With Parameters' page if and only if the script is executed in a sandbox. As unsandboxed scripts are subject to administrator approval, it is up to the administrator to allow or disallow problematic script output." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2017-10-23/", + "refsource": "CONFIRM", + "url": "https://jenkins.io/security/advisory/2017-10-23/" + }, + { + "name": "101538", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101538" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18059.json b/2017/18xxx/CVE-2017-18059.json index a76fcf4fc4d..a1debff0926 100644 --- a/2017/18xxx/CVE-2017-18059.json +++ b/2017/18xxx/CVE-2017-18059.json 
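Review bot: The structured fields in the CVE-2017-1000386 hunk are blanked while the description still carries the same data: `product_name` and `vendor_name` go from `Jenkins Active Choices Plugin` to `n/a`, `version_value` from `1.5.3 and earlier` to `n/a`, and the `problemtype` value from `Cross Site Scripting` to `n/a`. Tooling that matches on `affects` or `problemtype` rather than parsing the free-text description will no longer tie this record to the plugin, the affected version range or the weakness class. Unless the reset is an intended consequence of the `ASSIGNER` change to `cve@mitre.org`, I would keep `"product_name": "Jenkins Active Choices Plugin"`, `"version_value": "1.5.3 and earlier"` and `"value": "Cross Site Scripting"` on the new side.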
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-03-05T00:00:00", - "ID" : "CVE-2017-18059", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for vdev id in wma_scan_event_callback(), which is received from firmware, leads to potential out of bounds memory read." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-03-05T00:00:00", + "ID": "CVE-2017-18059", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=217705da7726002ffe61dad51a6c9cc97c52f649", - "refsource" : "MISC", - "url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=217705da7726002ffe61dad51a6c9cc97c52f649" - }, - { - "name" : "https://source.android.com/security/bulletin/pixel/2018-03-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/pixel/2018-03-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper input validation for vdev id in wma_scan_event_callback(), which is received from firmware, leads to potential out of bounds memory read." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/pixel/2018-03-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/pixel/2018-03-01" + }, + { + "name": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=217705da7726002ffe61dad51a6c9cc97c52f649", + "refsource": "MISC", + "url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=217705da7726002ffe61dad51a6c9cc97c52f649" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1164.json b/2017/1xxx/CVE-2017-1164.json index c8d78b6bcaa..0873cdc6769 100644 --- a/2017/1xxx/CVE-2017-1164.json +++ b/2017/1xxx/CVE-2017-1164.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2017-1164", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123036." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2017-1164", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/123036", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/123036" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg22009296", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22009296" - }, - { - "name" : "101586", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101586" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Jazz Foundation is vulnerable to 
cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123036." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg22009296", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg22009296" + }, + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123036", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123036" + }, + { + "name": "101586", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101586" + } + ] + } +} \ No newline at end of file diff --git a/2017/1xxx/CVE-2017-1436.json b/2017/1xxx/CVE-2017-1436.json index 76ff487461a..2a7e72e16ee 100644 --- a/2017/1xxx/CVE-2017-1436.json +++ b/2017/1xxx/CVE-2017-1436.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-1436", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-1436", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5591.json b/2017/5xxx/CVE-2017-5591.json index 67119b3e6e7..ebcb8258044 100644 --- a/2017/5xxx/CVE-2017-5591.json +++ b/2017/5xxx/CVE-2017-5591.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-5591", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An incorrect implementation of \"XEP-0280: Message Carbons\" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for SleekXMPP up to 1.3.1 and Slixmpp all versions up to 1.2.3, as bundled in poezio (0.8 - 0.10) and other products." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-5591", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://openwall.com/lists/oss-security/2017/02/09/29", - "refsource" : "MISC", - "url" : "http://openwall.com/lists/oss-security/2017/02/09/29" - }, - { - "name" : "https://github.com/poezio/slixmpp/commit/22664ee7b86c8e010f312b66d12590fb47160ad8", - "refsource" : "MISC", - "url" : "https://github.com/poezio/slixmpp/commit/22664ee7b86c8e010f312b66d12590fb47160ad8" - }, - { - "name" : "https://rt-solutions.de/en/2017/02/CVE-2017-5589_xmpp_carbons/", - "refsource" : "MISC", - "url" : 
"https://rt-solutions.de/en/2017/02/CVE-2017-5589_xmpp_carbons/" - }, - { - "name" : "https://rt-solutions.de/wp-content/uploads/2017/02/CVE-2017-5589_xmpp_carbons.pdf", - "refsource" : "MISC", - "url" : "https://rt-solutions.de/wp-content/uploads/2017/02/CVE-2017-5589_xmpp_carbons.pdf" - }, - { - "name" : "96166", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96166" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An incorrect implementation of \"XEP-0280: Message Carbons\" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for SleekXMPP up to 1.3.1 and Slixmpp all versions up to 1.2.3, as bundled in poezio (0.8 - 0.10) and other products." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96166", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96166" + }, + { + "name": "http://openwall.com/lists/oss-security/2017/02/09/29", + "refsource": "MISC", + "url": "http://openwall.com/lists/oss-security/2017/02/09/29" + }, + { + "name": "https://rt-solutions.de/en/2017/02/CVE-2017-5589_xmpp_carbons/", + "refsource": "MISC", + "url": "https://rt-solutions.de/en/2017/02/CVE-2017-5589_xmpp_carbons/" + }, + { + "name": "https://rt-solutions.de/wp-content/uploads/2017/02/CVE-2017-5589_xmpp_carbons.pdf", + "refsource": "MISC", + "url": "https://rt-solutions.de/wp-content/uploads/2017/02/CVE-2017-5589_xmpp_carbons.pdf" + }, + { + "name": "https://github.com/poezio/slixmpp/commit/22664ee7b86c8e010f312b66d12590fb47160ad8", + "refsource": "MISC", + "url": 
"https://github.com/poezio/slixmpp/commit/22664ee7b86c8e010f312b66d12590fb47160ad8" + } + ] + } +} \ No newline at end of file